Cross-Site Request Forgery Vulnerability in HCL BigFix Service Management
CVE-2025-31957

2.6 LOW

What is CVE-2025-31957?

The HCL BigFix Service Management platform is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. Exploiting this flaw may allow attackers to perform unauthorized actions on behalf of potentially authenticated users, resulting in unauthorized modifications or exposure of sensitive information. Organizations using this product must implement the necessary mitigations to safeguard their systems against such risks.

Affected Version(s)

BigFix Service Management (SM) 23

CVSS V3.1

Score: 2.6
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved