What is CVE-2025-31960?

CVE-2025-31960 is a medium-severity vulnerability in Hcl Bigfix Service Management (Sm), classified under Generation of Error Message Containing Sensitive Information. CVSS score: 5.3/10. Published 2026-05-06.

How severe is CVE-2025-31960?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Information disclosure in Hcl Bigfix Service Management (Sm)

CVE-2025-31960

HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a…

EPSS: 0.000 (11.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Hcl Bigfix Service Management (Sm) — versions 23
Hcltech Bigfix_service_management — versions 23.0

Weakness classification (CWE)

CWE-209 — Generation of Error Message Containing Sensitive Information

References

psirt@hcl.com (Vendor Advisory)

Frequently asked questions

What is CVE-2025-31960?: CVE-2025-31960 is a medium-severity vulnerability in Hcl Bigfix Service Management (Sm), classified under Generation of Error Message Containing Sensitive Information. CVSS score: 5.3/10. Published 2026-05-06.
How severe is CVE-2025-31960?: Medium severity. CVSS v3 base score is 5.3 out of 10.