CVE-2025-31958
HTTP Request Smuggling in HCL BigFix Service Enables Attack Bypass
Publication date: 2026-04-21
Last updated on: 2026-04-22
Assigner: HCL Software
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | bigfix_service_management | 23.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
HCL BigFix Service Management is vulnerable to HTTP Request Smuggling. This type of vulnerability occurs when web servers involved in processing HTTP requests interpret those requests differently due to inconsistent HTTP parsing.
Attackers exploit these inconsistencies between front-end and back-end servers to bypass security controls.
This can enable attacks such as cache poisoning or request hijacking.
How can this vulnerability impact me?
The vulnerability allows attackers to bypass security controls by exploiting differences in HTTP request parsing between servers.
This can lead to attacks like cache poisoning, where malicious content is served to users, or request hijacking, where attacker-controlled requests are processed.
Such attacks can compromise the integrity and reliability of the web service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the HTTP Request Smuggling vulnerability in HCL BigFix Service Management affects compliance with common standards and regulations such as GDPR or HIPAA.