Information Disclosure Vulnerability in HCL BigFix Service Management
CVE-2025-31982

3.7 LOW

What is CVE-2025-31982?

HCL BigFix Service Management is affected by a vulnerability in which directories that are neither linked nor publicly visible can still be reached through direct access. This can lead to unauthorized disclosure of sensitive information or misappropriation of critical functionality. Organizations using this product should assess their exposure and implement the measures needed to secure their sensitive data.

Affected Version(s)

BigFix Service Management (SM) 23

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
