CVE-2025-31960

Summary

HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception.

Affected Software

VendorProductVersion RangeStatus
HCLBigFix Service Management (SM)23affected

Weaknesses

  • CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References