CVE-2025-31973— HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HCL | BigFix Service Management (SM) | 23 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-31973
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'
Source: NVD (National Vulnerability Database)
Vulnerability Description
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1395
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL BigFix Service Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL BigFix Service Management是印度HCL公司的一款IT服务管理与资产运营平台。 HCL BigFix Service Management存在安全漏洞,该漏洞源于配置问题,使用过时或不安全的基础镜像可能引入已知漏洞,增加应用环境被利用的风险。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCL | BigFix Service Management (SM) | 23 | - |
II. Public POCs for CVE-2025-31973
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-31973
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-31973 (1)
IV. Related Vulnerabilities
Same product: BigFix Service Management (SM)
- CVE-2025-31985
HCL BigFix Service Management (SM) is affected by a security - CVE-2024-30151
HCL BigFix Service Management (SM) is susceptible to Broken - CVE-2025-31960
HCL BigFix Service Management (SM) is vulnerable to informat - CVE-2025-31974
HCL BigFix Service Management (SM) is susceptible to a Root - CVE-2025-31975
HCL BigFix Service Management (SM) is affected by an Informa
Same vendor: HCL
- CVE-2025-31985
HCL BigFix Service Management (SM) is affected by a security - CVE-2025-62305
HCL AION is affected by a vulnerability where certain operat - CVE-2025-62317
HCL AION is affected by a vulnerability where sensitive info - CVE-2025-62308
HCL AION is affected by a vulnerability where sensitive back - CVE-2025-62309
HCL AION is affected by a vulnerability where auto-complete
Same weakness: CWE-1395
- CVE-2025-11159
Hitachi Vantara Pentaho Data Integration & Analytics - Depen - CVE-2026-34652
Adobe Commerce | Dependency on Vulnerable Third-Party Compon - CVE-2026-34654
Adobe Commerce | Dependency on Vulnerable Third-Party Compon - CVE-2022-4988
Alien::FreeImage versions through 1.001 for Perl contains se - CVE-2025-59851
HCL DFXAnalytics is affected by an Insecure Security Header
V. Comments for CVE-2025-31973
No comments yet