CVE-2025-31958 LOW

CVE-2025-31958: HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

Vendor Hclsoftware
Product BigFix Service Management (SM)
Weakness CWE-444
Published April 21, 2026
Last update April 21, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

HCL BigFix Service Management is susceptible to HTTP Request Smuggling.  HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.

Key dates

02Disclosure timeline

April 21, 2026 CVE published
April 21, 2026 Record updated