Security Vulnerability Assessment for Axios (CVE-2025-58754) in DX UIM Operator Console (OC)



Article ID: 442218


Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

A security scan may flag CVE-2025-58754 against the Axios HTTP client library bundled with the DX Unified Infrastructure Management (UIM) Operator Console (OC).

Customers running security audits may need an assessment of the risk severity and a path to remediation.

Environment


  • Product: DX Unified Infrastructure Management (UIM) 

  • Version: 23.4 (up to CU7)

  • Component: Operator Console (OC)


Cause

The Operator Console deployment packages a version of the third-party Axios dependency that predates the fix for CVE-2025-58754. The CVE concerns Axios decoding a data: URI supplied as the request URL into memory without applying its maxContentLength / maxBodyLength limits, so a request to an attacker-controlled data: URL can allocate unbounded memory and crash the Node.js process (denial of service). No code in UIM itself is affected; the finding is inherited from the bundled library version.

Resolution

The engineering team has assessed this vulnerability and rated it Low Risk for standard environments, based on the following architectural factors:

  • Internal Scope Only: Axios is used strictly for internal communications within the Operator Console application logic.

  • Non-Internet Facing: The Operator Console (OC) is deployed within secure internal networks and is not designed to be an internet-facing web application.

  • Unexposed Code Path: The vulnerable code path (decoding of an untrusted data: URI passed as the request URL) is only reachable if an attacker can control the URL Axios is asked to fetch. That path is not exposed to or reachable by external users in the current UIM deployment model.

Note that the Low Risk rating rests on these deployment assumptions, not on the scan being a false positive: the bundled Axios version is genuinely below the fixed release, and version-based scanners will continue to report it until CU8 is applied. OC instances reachable from networks outside the intended management perimeter should be treated as needing the cumulative update rather than the Low Risk exception.

Permanent Fix

This issue will be officially remediated in an upcoming cumulative update.

  • Target Release: DX UIM 23.4 CU8

  • Remediation Details: The bundled Axios component will be upgraded to version 0.30.2, the first release on the 0.x line that contains the fix for CVE-2025-58754 (the corresponding fix on the 1.x line is 1.12.0), so that the Operator Console no longer carries a flagged version of the library.
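To confirm which Axios builds an OC installation actually ships before and after CU8, the following script walks an install tree, locates every axios package.json (including copies nested under other dependencies, which a scanner will also report), and compares each version against the fixed release on its line. This is an added example for this article, not Broadcom's own tooling: the install root path is an assumption you must supply, and the sample tree it builds for demonstration is constructed data, not a real OC layout.

```python
import json
import os
import re
import tempfile

# First fixed release per Axios major line for CVE-2025-58754:
# 0.30.2 is the version this article names for the UIM fix; 1.12.0 is the
# corresponding fix on the 1.x line. Anything at or above these is clean.
FIXED = {0: (0, 30, 2), 1: (1, 12, 0)}

_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) or None for a non-numeric version string."""
    m = _VER_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True when the given axios version predates the fix on its release line."""
    v = parse_version(version)
    if v is None:
        return True  # unparseable version: surface it for manual review
    fixed = FIXED.get(v[0])
    if fixed is None:
        return False  # 2.x or later postdates the fix
    return v < fixed


def find_axios_copies(root):
    """Yield (package.json path, version) for every axios package under root.

    Nested node_modules directories are deliberately included: a bundled
    dependency can pin its own older axios next to the top-level copy, and
    that nested copy is what keeps a scanner reporting after an upgrade.
    """
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != "axios" or "package.json" not in filenames:
            continue
        pkg_path = os.path.join(dirpath, "package.json")
        try:
            with open(pkg_path, encoding="utf-8") as fh:
                pkg = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, not an axios copy
        if pkg.get("name") == "axios" and "version" in pkg:
            yield pkg_path, pkg["version"]


def audit(root):
    """Return [(path, version, vulnerable), ...] for each axios copy under root."""
    return [(p, v, is_vulnerable(v)) for p, v in find_axios_copies(root)]


def build_sample_tree():
    """Construct a throwaway install tree with two axios copies (sample data only).

    The layout (a top-level 0.30.1 plus a nested 1.12.0 under a hypothetical
    'some-lib') is invented for the demonstration and does not describe OC.
    """
    root = tempfile.mkdtemp(prefix="oc-sample-")
    for rel, ver in (("node_modules/axios", "0.30.1"),
                     ("node_modules/some-lib/node_modules/axios", "1.12.0")):
        pkg_dir = os.path.join(root, rel)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": "axios", "version": ver}, fh)
    return root


if __name__ == "__main__":
    # Replace build_sample_tree() with the OC install root (assumed path) to
    # audit a real deployment.
    for path, version, vuln in audit(build_sample_tree()):
        print(f"{'VULNERABLE' if vuln else 'fixed     '}  axios {version}  {path}")
```

Run it against the OC installation directory on the server; a clean CU8 result is every copy at 0.30.2 or later on the 0.x line (or 1.12.0 or later on the 1.x line). Any copy still flagged after the update is a nested dependency pin and is the likely reason a scanner keeps reporting the CVE.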