CVE-2025-31979 MEDIUM

CVE-2025-31979: A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix Service Management (SM)

Vendor HCL Software
Product BigFix Service Management (SM)
Weakness CWE-434 · Unrestricted file upload
Published August 28, 2025
Last update August 28, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or web shells, by bypassing client-side or server-side validation mechanisms.

Key dates

02 Disclosure timeline

August 28, 2025 CVE published
August 28, 2025 Record updated