CVE-2025-31973 MEDIUM

CVE-2025-31973: HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'

Vendor HCL
Product BigFix Service Management (SM)
Weakness CWE-1395
Published May 20, 2026
Last update May 20, 2026

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.

Key dates

02 Disclosure timeline

May 20, 2026 CVE published
May 20, 2026 Record updated