Security Misconfiguration in HCL BigFix Service Management Affects Browsers' Content Handling
CVE-2025-31985
3.7 LOW
What is CVE-2025-31985?
HCL BigFix Service Management is affected by a security misconfiguration: the 'X-Content-Type-Options' HTTP response header is missing or incorrectly configured. When the header is absent or wrong, web browsers may perform MIME-type sniffing, which could inadvertently lead to the execution of malicious content. Organizations using affected versions should ensure that proper security headers are implemented to mitigate these risks and protect against potential exploitation scenarios.
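A defender-side check for the condition described above, as an added example that is not part of the original advisory and not HCL's code: it classifies a captured response head as missing, misconfigured or ok for X-Content-Type-Options, using the browser rule that only the first comma-separated value is compared, case-insensitively, with `nosniff`. The function names and the sample responses are constructed for illustration.

```python
"""Audit an HTTP response head for the X-Content-Type-Options header."""

HEADER = "X-Content-Type-Options"


def header_values(raw_head, name):
    """Return every value of header `name` (case-insensitive) in a raw response head."""
    values = []
    for line in raw_head.splitlines()[1:]:      # skip the status line
        if not line.strip():                    # blank line ends the header block
            break
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values


def audit_nosniff(raw_head):
    """Classify the response as 'ok', 'missing' or 'misconfigured'."""
    values = header_values(raw_head, HEADER)
    if not values:
        return "missing"
    # Repeated headers are combined with commas; browsers look only at the
    # first resulting token and match it case-insensitively against "nosniff".
    tokens = [t.strip() for t in ", ".join(values).split(",")]
    return "ok" if tokens[0].lower() == "nosniff" else "misconfigured"


# Constructed sample responses (not captured from any real product).
SAMPLES = {
    "no header": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n",
    "typo in value": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                     "X-Content-Type-Options: no-sniff\r\n\r\n",
    "empty value": "HTTP/1.1 200 OK\r\nX-Content-Type-Options:\r\n\r\n",
    "correct": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
               "x-content-type-options: NoSniff\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(f"{label:15} -> {audit_nosniff(head)}")
```

Run it against the response head of every content-serving endpoint, not only the landing page, since headers are often set per route or per static-file handler.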
Affected Version(s)
BigFix Service Management (SM) 23