CVE-2025-31978
medium
Summary
HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software. Note that current versions of Excel warn users of untrusted content.
CVSS Score
4.6
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-06
First Seen: 2026-05-10
Relative Risk Intelligence
This CVE is Lower Risk - more severe than 13.0% of all 330,193 vulnerabilities in our database.
#287,277
Below average severity
Severity Percentile
CISA SSVC Assessment
Updated: May 6, 2026
Exploitation Status
None
No known exploits
Automatable
NO
Requires human interaction
Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-05-07
Source
NVD
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CWE IDs (Weakness Types)