CVE-2025-31959

Summary

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareBigFix Service Management (SM)23affected

Weaknesses

  • CWE-1230: CWE-1230: Exposure of Sensitive Information Through Metadata.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References