Security Misconfiguration Vulnerability in HCL BigFix Service Management
CVE-2025-31983

3.7LOW

Key Information:

Vendor: HCL Software
Status: Bigfix Service Management (sm)
Vendor: CVE Published:; 6 May 2026

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-31983?

HCL BigFix Service Management is susceptible to a security misconfiguration due to improper Content Security Policy (CSP) handling. This vulnerability can allow threat actors to inject malicious scripts, heightening the risk of cross-site scripting (XSS) attacks that can compromise sensitive information and undermine the integrity of the affected system. Properly configuring CSP headers is crucial to mitigate these risks.

Affected Version(s)

BigFix Service Management (SM) 23

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
Apr 1, 2025

CVE-2025-31983 Data

JSON