CVE-2025-31957 LOW

CVE-2025-31957: HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.

Vendor HCL Software
Product BigFix Service Management (SM)
Weakness CWE-352 · CSRF
Published May 6, 2026
Last update May 6, 2026

CVSS base score

2.6/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data.

Key dates

02 Disclosure timeline

May 6, 2026 CVE published
May 6, 2026 Record updated