CVE-2025-31983
Received Received - Intake

CSP Header Misconfiguration in HCL BigFix Service Management Leads to XSS

Vulnerability report for CVE-2025-31983, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: HCL Software

Description

HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-07-06
AI Q&A
2026-05-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcltech bigfix_service_management 23.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-358 The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in HCL BigFix Service Management (SM) is caused by a security misconfiguration related to the Content Security Policy (CSP) header.

This misconfiguration could allow attackers to inject malicious scripts into the application, which increases the risk of cross-site scripting (XSS) attacks.

Such XSS attacks can potentially expose sensitive information to unauthorized parties.

Impact Analysis

This vulnerability can impact you by allowing attackers to perform cross-site scripting (XSS) attacks.

  • Attackers may inject malicious scripts that run in the context of your application.
  • This can lead to the exposure of sensitive information.
  • The CVSS score indicates a low to medium severity with potential limited impact on confidentiality and availability.
Compliance Impact

The vulnerability in HCL BigFix Service Management (SM) involves a security misconfiguration related to the Content Security Policy (CSP) header, which could allow attackers to inject malicious scripts and increase the risk of cross-site scripting (XSS). This type of vulnerability can potentially lead to exposure of sensitive information.

Exposure of sensitive information due to XSS vulnerabilities can impact compliance with common standards and regulations such as GDPR and HIPAA, which require protection of personal and sensitive data. However, the provided information does not explicitly detail the direct compliance impact or specific regulatory implications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31983. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart