CVE-2025-31981

Summary

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access.  An attacker with access to the network traffic can sniff packets from the connection and uncover the data.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareBigFix Service Management (SM)23affected

Weaknesses

  • CWE-319: CWE-319 Cleartext transmission of sensitive information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References