What is CVE-2025-31982?

CVE-2025-31982 is a low-severity vulnerability in Hcl Software Bigfix Service Management (Sm), classified under Information Disclosure. CVSS score: 3.7/10. Published 2026-05-06.

How severe is CVE-2025-31982?

Low severity. CVSS v3 base score is 3.7 out of 10.

Information disclosure in Hcl Software Bigfix Service Management (Sm)

CVE-2025-31982

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.

Vulnerability class: Information Disclosure

EPSS: 0.000 (9.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L.

Affected products

Hcl Software Bigfix Service Management (Sm) — versions 23
Hcltech Bigfix_service_management — versions 23.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt@hcl.com (Vendor Advisory)

Frequently asked questions

What is CVE-2025-31982?: CVE-2025-31982 is a low-severity vulnerability in Hcl Software Bigfix Service Management (Sm), classified under Information Disclosure. CVSS score: 3.7/10. Published 2026-05-06.
How severe is CVE-2025-31982?: Low severity. CVSS v3 base score is 3.7 out of 10.