CVE-2025-31979
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-08-29

Assigner: HCL Software

Description
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or web shells, by bypassing client-side or server-side validation mechanisms.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-31979
EUVD
EUVD-2025-26118
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcl bigfix 3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a File Upload Validation Bypass in HCL BigFix SM. It occurs because the application does not properly enforce file type restrictions during the upload process, allowing an attacker to upload malicious or unauthorized files such as scripts, executables, or web shells by bypassing client-side or server-side validation.

Impact Analysis

An attacker exploiting this vulnerability can upload malicious files to the system, potentially leading to unauthorized code execution, system compromise, or further attacks using uploaded scripts or web shells. This can result in data breaches, service disruption, or unauthorized access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31979. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart