CVE-2025-31973
4.0 MEDIUM
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'
Published: 2026-05-20 · Last updated: 2026-05-20
Severity and scoring
- CVSS: 4.0 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Affected products
| Vendor | Product |
|---|---|
| hcltech | bigfix_service_management |
Description
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-21837 — HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API (8.8 HIGH)
- CVE-2026-21826 — HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection (6.1 MEDIUM)
- CVE-2026-21825 — HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center (6.1 MEDIUM)
- CVE-2025-52612 — HCL iControl was affected by Export CSV - CSV Injection vulnerability (7.1 HIGH)
- CVE-2025-52611 — HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability (3.1 LOW)