Image Processing Flaw in HCL BigFix Service Management Reveals Sensitive Data
CVE-2025-31959

3.5 LOW

What is CVE-2025-31959?

HCL BigFix Service Management does not adequately remove EXIF metadata from uploaded images. The metadata left in place can inadvertently expose sensitive location and personal information, creating significant privacy risks for users. Organizations using this application should review their image upload practices to prevent unintentional data disclosure.

Affected Version(s)

BigFix Service Management (SM) 23

CVSS V3.1

Score: 3.5
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
