CVE-2025-31958
Last modified
CVE-2025-31958 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hcltech | Bigfix Service Management | 23.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-31958?
How severe is CVE-2025-31958?
How do I fix CVE-2025-31958?
Are you affected by CVE-2025-31958?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST