CVE-2025-31972

Summary

HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareBigFix Service Management (SM)23affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References