CVE-2025-31983 LOW

CVE-2025-31983: HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header

Vendor Hcl
Product BigFix Service Management (SM)
Weakness CWE-358
Published May 6, 2026
Last update May 6, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.

Key dates

02Disclosure timeline

May 6, 2026 CVE published
May 6, 2026 Record updated