HCL BigFix Service Management (SM) application fails to strip EXIF...

3.5 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Description

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .

Basic Information

ID CVE-2025-31959

Source HCL

Published May 6, 2026 at 13:47

Affected Product

Vendor HCL Software

Product BigFix Service Management (SM)

Version 23

Affected Versions HCL Software BigFix Service Management (SM) 23

CWE Classification

CWE-1230

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.  This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .",
    "published": "2026-05-06T13:47:20.437Z",
    "modified": "2026-05-06T13:47:20.437Z",
    "type": "cve",
    "title": "HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144",
    "id": "CVE-2025-31959",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1230"
    ],
    "cvelist": null,
    "sourceData": "HCL Software BigFix Service Management (SM) 23",
    "sourceHref": "",
    "cvss": {
        "score": 3.5,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigFix Service Management (SM)",
    "version": "23",
    "vendor": "HCL Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images._CVE-2025-31959