Vulnerability in HCL BigFix IVR
CVE-2025-31962
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.
EPSS: 0.001 (15.9th percentile).
CVSS v3 metric
CVSS v3 base score 2.0 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N.
Affected products
- HCL BigFix IVR, version 4.2
Frequently asked questions
- What is CVE-2025-31962?
  CVE-2025-31962 is a low-severity vulnerability in HCL BigFix IVR, classified under Insufficient Session Expiration. CVSS score: 2.0/10. Published 2026-01-07.
- How severe is CVE-2025-31962?
  Low severity. The CVSS v3 base score is 2.0 out of 10.