What is CVE-2025-31981?

CVE-2025-31981 is a medium-severity vulnerability in Hclsoftware Bigfix Service Management (Sm), classified under Cleartext Transmission of Sensitive Information. CVSS score: 5.3/10. Published 2026-04-21.

How severe is CVE-2025-31981?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Hclsoftware Bigfix Service Management (Sm)

CVE-2025-31981

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and un…

EPSS: 0.000 (1.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Hclsoftware Bigfix Service Management (Sm) — versions 23

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

References

support.hcl-software.com/csm

Frequently asked questions

What is CVE-2025-31981?: CVE-2025-31981 is a medium-severity vulnerability in Hclsoftware Bigfix Service Management (Sm), classified under Cleartext Transmission of Sensitive Information. CVSS score: 5.3/10. Published 2026-04-21.
How severe is CVE-2025-31981?: Medium severity. CVSS v3 base score is 5.3 out of 10.