Insecure Configuration in HCL BigFix Service Management
CVE-2025-31973

4 MEDIUM

Key Information:

Vendor
CVE Published: 20 May 2026

What is CVE-2025-31973?

HCL BigFix Service Management is vulnerable because it uses outdated or insecure base images. This misconfiguration can introduce known vulnerabilities into the application environment, raising the risk of exploitation and weakening the organization's security posture. Users should update their base images regularly to mitigate these threats.

Affected Version(s)

BigFix Service Management (SM) 23

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
