CVE-2025-31973
Insecure Base Image Usage in HCL BigFix Service Management
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | bigfix_service_management | 23.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL BigFix Service Management (SM) is related to the insecure use of base image versions. Specifically, using outdated or insecure base images can introduce known vulnerabilities into the application environment, which may increase the risk of exploitation.
How can this vulnerability impact me? :
The impact of this vulnerability includes potential exploitation due to the presence of known vulnerabilities in outdated or insecure base images. This can lead to limited confidentiality, integrity, and availability impacts as indicated by the CVSS score, meaning some data exposure, modification, or service disruption could occur.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves the insecure use of outdated or insecure base images in HCL BigFix Service Management, which may introduce known vulnerabilities and increase the risk of exploitation.
While the CVE description does not explicitly mention compliance with standards such as GDPR or HIPAA, the increased risk of exploitation due to insecure base images could potentially lead to unauthorized access or data breaches, which are relevant concerns under these regulations.
Therefore, organizations using affected versions should consider the impact on their security posture and compliance obligations, as exploitation could result in violations of data protection requirements.