HTTP Request Smuggling Vulnerability in HCL BigFix Service Management
CVE-2025-31958

3.7LOW

Key Information:

Vendor: HCL Softwaresoftware
Status: Bigfix Service Management (sm)
Vendor: CVE Published:; 21 April 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2025-31958?

HCL BigFix Service Management is exposed to an HTTP Request Smuggling vulnerability that occurs due to inconsistent handling of HTTP requests between web servers. This vulnerability allows attackers to exploit the discrepancies in the parsing of requests, potentially bypassing security measures, leading to attacks such as cache poisoning and request hijacking. Organizations using this software should prioritize updating their systems to mitigate the risk associated with this security flaw.

Affected Version(s)

BigFix Service Management (SM) 23

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 1, 2025

CVE-2025-31958 Data

JSON