Information Disclosure Vulnerability in HCL BigFix Service Management
CVE-2025-31975

2.6 LOW

Key Information:

Vendor
CVE Published: 6 May 2026

What is CVE-2025-31975?

HCL BigFix Service Management is susceptible to an Information Disclosure vulnerability caused by improperly configured server banners. The banners expose sensitive software version information and system details to unauthorized users, who could use that information to exploit known vulnerabilities in the application. Organizations using BigFix SM should address this vulnerability by implementing the necessary security patches and configuration changes to protect their systems.

Affected Version(s)

BigFix Service Management (SM) 23

CVSS V3.1

Score: 2.6
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
