What is CVE-2025-31978?

CVE-2025-31978 is a medium-severity vulnerability in Hcl Software Bigfix Service Management (Sm), classified under Insertion of Sensitive Information into Sent Data. CVSS score: 4.6/10. Published 2026-05-06.

How severe is CVE-2025-31978?

Medium severity. CVSS v3 base score is 4.6 out of 10.

Vulnerability in Hcl Software Bigfix Service Management (Sm)

CVE-2025-31978

HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt…

EPSS: 0.000 (8.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.

Affected products

Hcl Software Bigfix Service Management (Sm) — versions 23
Hcltech Bigfix_service_management — versions 23.0

Weakness classification (CWE)

CWE-201 — Insertion of Sensitive Information into Sent Data

References

psirt@hcl.com (Vendor Advisory)

Frequently asked questions

What is CVE-2025-31978?: CVE-2025-31978 is a medium-severity vulnerability in Hcl Software Bigfix Service Management (Sm), classified under Insertion of Sensitive Information into Sent Data. CVSS score: 4.6/10. Published 2026-05-06.
How severe is CVE-2025-31978?: Medium severity. CVSS v3 base score is 4.6 out of 10.