CVE-2025-31951

Summary

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.

Affected Software

VendorProductVersion RangeStatus
HCLBigFix RunBookAI11.2affected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-451: CWE-451:User Interface (UI) Misrepresentation of Critical Information
  • CWE-351: CWE-351 Insufficient type distinction

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References