CVE-2025-31958

LOW

3.7

Description

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.

Details CVE

Score CVSS v3.13.7

SeveriteLOW

Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteHIGH

Privileges requisNONE

Interaction utilisateurNONE

Publie4/21/2026

Derniere modification4/22/2026

Sourcenvd

Observations honeypot0

Produits affectes

hcltech:bigfix_service_management

Faiblesses (CWE)

CWE-444

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209(psirt@hcl.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.