CVE-2025-31983
Received Received - Intake
CSP Header Misconfiguration in HCL BigFix Service Management Leads to XSS

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: HCL Software

Description
HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2025-31983
EUVD
EUVD-2025-209699
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcltech bigfix_service_management 23.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-358 The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in HCL BigFix Service Management (SM) is caused by a security misconfiguration related to the Content Security Policy (CSP) header.

This misconfiguration could allow attackers to inject malicious scripts into the application, which increases the risk of cross-site scripting (XSS) attacks.

Such XSS attacks can potentially expose sensitive information to unauthorized parties.

Impact Analysis

This vulnerability can impact you by allowing attackers to perform cross-site scripting (XSS) attacks.

  • Attackers may inject malicious scripts that run in the context of your application.
  • This can lead to the exposure of sensitive information.
  • The CVSS score indicates a low to medium severity with potential limited impact on confidentiality and availability.
Compliance Impact

The vulnerability in HCL BigFix Service Management (SM) involves a security misconfiguration related to the Content Security Policy (CSP) header, which could allow attackers to inject malicious scripts and increase the risk of cross-site scripting (XSS). This type of vulnerability can potentially lead to exposure of sensitive information.

Exposure of sensitive information due to XSS vulnerabilities can impact compliance with common standards and regulations such as GDPR and HIPAA, which require protection of personal and sensitive data. However, the provided information does not explicitly detail the direct compliance impact or specific regulatory implications.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31983. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart