HCL BigFix Service Management (SM) is susceptible to HTTP Request...

3.7 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.

Basic Information

ID CVE-2025-31958

Source HCL

Published Apr 21, 2026 at 13:59

Affected Product

Vendor HCLSoftware

Product BigFix Service Management (SM)

Version 23

Affected Versions HCLSoftware BigFix Service Management (SM) 23

CWE Classification

CWE-444

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL BigFix Service Management is susceptible to HTTP Request Smuggling.\u00a0 HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.",
    "published": "2026-04-21T13:59:14.787Z",
    "modified": "2026-04-21T13:59:14.787Z",
    "type": "cve",
    "title": "HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209",
    "id": "CVE-2025-31958",
    "bulletinFamily": "",
    "cwe": [
        "CWE-444"
    ],
    "cvelist": null,
    "sourceData": "HCLSoftware BigFix Service Management (SM) 23",
    "sourceHref": "",
    "cvss": {
        "score": 3.7,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigFix Service Management (SM)",
    "version": "23",
    "vendor": "HCLSoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling_CVE-2025-31958