CVE-2025-31964 LOW

CVE-2025-31964: HCL BigFix IVR is impacted by an improper service binding configuration

Vendor Hclsoftware

Product BigFix IVR

Weakness CWE-200 · Info exposure

Published January 7, 2026

Last update January 7, 2026

View on NVD All CVEs

CVSS base score

2.2/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.

Key dates

02Disclosure timeline

January 7, 2026 CVE published

January 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-31964 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2024-37113 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability CVE-2025-2228 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information Exposure CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure CVE-2024-10321 All-in-One Addons for Elementor – WidgetKit <= 2.5.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates CVE-2026-34518 AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect