CVE-2025-31982

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl

CVSS 3.7 LOWEPSS 0.2%CWE-200

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

06 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L

Affected products

HCL Software · BigFix Service Management (SM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144