CVE-2025-31958
HTTP Request Smuggling in HCL BigFix Service Enables Attack Bypass

Publication date: 2026-04-21

Last updated on: 2026-04-22

Assigner: HCL Software

Description
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.
Meta Information
Published: 2026-04-21
Last Modified: 2026-04-22
Generated: 2026-06-16
AI Q&A: 2026-04-21
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcltech bigfix_service_management 23.0
CWE
CWE ID Description
CWE-444 The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Executive Summary

HCL BigFix Service Management is vulnerable to HTTP Request Smuggling. This type of vulnerability occurs when web servers involved in processing HTTP requests interpret those requests differently due to inconsistent HTTP parsing.

Attackers exploit these inconsistencies between front-end and back-end servers to bypass security controls.

This can enable attacks such as cache poisoning or request hijacking.

Impact Analysis

The vulnerability allows attackers to bypass security controls by exploiting differences in HTTP request parsing between servers.

This can lead to attacks like cache poisoning, where malicious content is served to users, or request hijacking, where attacker-controlled requests are processed.

Such attacks can compromise the integrity and reliability of the web service.

Compliance Impact

The provided information does not specify how the HTTP Request Smuggling vulnerability in HCL BigFix Service Management affects compliance with common standards and regulations such as GDPR or HIPAA.
