CVE-2025-31985 LOW

CVE-2025-31985: HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header

Vendor Hcl
Product BigFix Service Management (SM)
Weakness CWE-200 · Info exposure
Published May 20, 2026
Last update May 20, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.

Key dates

02Disclosure timeline

May 20, 2026 CVE published
May 20, 2026 Record updated

Related vulnerabilities

04Related CVE