CVE-2025-31973
Analyzed Analyzed - Analysis Complete

Insecure Base Image Usage in HCL BigFix Service Management

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: HCL Software

Description
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-30
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-28
NVD
CVE-2025-31973
EUVD
EUVD-2025-209905

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcltech bigfix_service_management 23.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in HCL BigFix Service Management (SM) is related to the insecure use of base image versions. Specifically, using outdated or insecure base images can introduce known vulnerabilities into the application environment, which may increase the risk of exploitation.

Impact Analysis

The impact of this vulnerability includes potential exploitation due to the presence of known vulnerabilities in outdated or insecure base images. This can lead to limited confidentiality, integrity, and availability impacts as indicated by the CVSS score, meaning some data exposure, modification, or service disruption could occur.

Compliance Impact

The vulnerability involves the insecure use of outdated or insecure base images in HCL BigFix Service Management, which may introduce known vulnerabilities and increase the risk of exploitation.

While the CVE description does not explicitly mention compliance with standards such as GDPR or HIPAA, the increased risk of exploitation due to insecure base images could potentially lead to unauthorized access or data breaches, which are relevant concerns under these regulations.

Therefore, organizations using affected versions should consider the impact on their security posture and compliance obligations, as exploitation could result in violations of data protection requirements.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31973. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart