Spreadsheet File Handling Vulnerability in HCL BigFix Service Management
CVE-2025-31978
4.6 MEDIUM
What is CVE-2025-31978?
HCL BigFix Service Management exhibits a critical security gap in how it processes spreadsheet files, including CSV, XLS, and XLSX formats. The software fails to adequately sanitize or securely render these files before processing or distributing them. This flaw could enable an attacker to inject malicious content into data fields, risking information exfiltration or other forms of malicious exploitation when these files are opened in spreadsheet software. Although modern versions of Excel alert users about untrusted content, the risk remains if such files are opened without scrutiny.
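The missing sanitization step can be illustrated with an added example (not HCL's code or fix). It assumes the injected content is formula-style cell text, and the names neutralize_cell, write_safe_csv and SAMPLE_ROWS are hypothetical: every cell is neutralized before a CSV export is written.

```python
import csv
import io

# Leading characters a spreadsheet may interpret as the start of a formula.
# The list follows OWASP's CSV injection guidance; it is not from the advisory.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a value that spreadsheet software will show as plain text."""
    if value is None:
        return ""
    # Genuine numbers (including negatives) are safe and stay numeric.
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = str(value)
    # Check past leading spaces too, so padding cannot hide a trigger.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def write_safe_csv(rows):
    """Serialize rows to CSV text with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample export: ticket fields an untrusted user could fill in.
SAMPLE_ROWS = [
    ["ticket_id", "summary", "requester"],
    [101, "Printer offline", "alice"],
    [102, "=1+1", "bob"],
    [103, "  @SUM(1,1)", "carol"],
    [104, "-2+3", "+dave"],
]

if __name__ == "__main__":
    print(write_safe_csv(SAMPLE_ROWS), end="")
```

The same neutralization applies to cell values written into XLS or XLSX exports; only the serialization step differs.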
Affected Version(s)
BigFix Service Management (SM) 23
