CVEFinder.io

CVE-2025-31957

ℹ️ low
🔍 Scan for this CVE
Summary

HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data.

CVSS Score
2.6
Low
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-06
First Seen: 2026-05-10
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 1.6% of all 330,193 vulnerabilities in our database.

#325,065
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 6, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-07
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-352

📦 Affected Products 1

Vendor Product Status Affected Versions
hcltech bigfix_service_management Affected
v23.0

🔗 References 1

https://support.hcl-software.com/csm?id=kb_article&s...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-31973 🔶 medium 4.0 0.0 HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using ou... 2026-05-20
CVE-2025-31985 ℹ️ low 3.7 0.0 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-... 2026-05-20
CVE-2025-31959 ℹ️ low 3.5 0.0 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to co... 2026-05-06
CVE-2025-31975 ℹ️ low 2.6 0.0 HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Expo... 2026-05-06
CVE-2025-31976 🔶 medium 4.8 0.0 HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while comm... 2026-05-06
CVE-2025-31978 🔶 medium 4.6 0.0 HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) befo... 2026-05-06
These CVEs affect the same products