CVE Catalog

CVE-2025-31976

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile - higher than 6% of all known CVEs

Summary

The vulnerability in HCL BigFix Service Management (SM) involves insufficiently protected credentials for a short duration during communication with a backend internal application. This could allow an attacker to intercept and misuse them if exfiltrated.

Risk Assessment

The risk is that an attacker could capture credentials, potentially leading to unauthorized access to internal systems and organizational data.

Recommendation

It is recommended to immediately update HCL BigFix Service Management to the latest patched version and implement additional monitoring of backend communications to detect potential credential leaks.

Original NVD description (English source)

HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated. .

Vulnerability data from NVD (NIST) · CISA KEV · EPSS