Cyber Resilience

CVE-2025-31958

Severity: Low

Published: 21 April 2026

Modified: 22 April 2026
KEV Added: not listed
Patch
CVSS Score (v3.1): 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0018 (7.4th percentile)
Risk Priority: 15 (floored blend, peak EPSS)

Summary

CVE-2025-31958 is a low-severity HTTP Request/Response Smuggling (CWE-444) vulnerability in HCL BigFix Service Management. Its CVSS base score is 3.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 7.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-31958 is an HTTP Request Smuggling vulnerability (CWE-444) affecting HCL BigFix Service Management. This issue stems from inconsistencies in HTTP request parsing when websites route requests through front-end and back-end web servers, enabling exploitation of parsing discrepancies.

Remote attackers require no privileges or user interaction to target systems over the network, though exploitation demands high attack complexity. Successful attacks allow bypassing security controls, with potential outcomes including cache poisoning or request hijacking, leading to low confidentiality impact as reflected in the CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

The HCL Software advisory provides details on mitigation at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209.

Vulnerability details

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.
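The parsing inconsistency described in the deeper analysis and in the vulnerability details above comes down to one question a front end must answer unambiguously: how long is the request body? The Python below is an added example, not code from HCL, from the advisory, or from this page; it implements the framing rule of RFC 7230 §3.3.3 (carried into RFC 9112 §6) from a defender's side, rejecting any HTTP/1.1 request whose body length could be computed in more than one way instead of forwarding it to a back end that might compute it differently. The sample requests are constructed for the example and do not describe BigFix behaviour.

```python
"""Reject HTTP/1.1 requests with ambiguous body framing (constructed example).

A front-end proxy that forwards such requests leaves the back end free to
pick a different body length, which is the root of request smuggling.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class FramingVerdict:
    ok: bool
    reason: str
    # Body length in bytes; None means chunked, known only after decoding.
    body_length: Optional[int] = None


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request into its request line and (name, value) headers.

    Header names are lower-cased; values are stripped of surrounding
    whitespace. Lines that RFC 7230 forbids (obsolete folding, whitespace
    before the colon) raise ValueError so the caller rejects the request.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise ValueError("obsolete line folding not accepted")
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.decode("latin-1").lower(),
                        value.decode("latin-1").strip()))
    return request_line, headers


def check_framing(raw: bytes) -> FramingVerdict:
    """Return whether the request has exactly one valid way to frame its body."""
    try:
        _request_line, headers = parse_head(raw)
    except ValueError as exc:
        return FramingVerdict(False, str(exc))

    te_values = [v for n, v in headers if n == "transfer-encoding"]
    cl_values = [v for n, v in headers if n == "content-length"]

    # Two framing mechanisms at once: the classic smuggling precondition.
    if te_values and cl_values:
        return FramingVerdict(False, "both Transfer-Encoding and Content-Length present")

    if te_values:
        # RFC 7230 3.3.3: chunked must be the final (and only) chunked coding.
        codings = [c.strip().lower() for v in te_values for c in v.split(",")]
        if codings[-1] != "chunked" or codings.count("chunked") != 1:
            return FramingVerdict(False, "Transfer-Encoding must end with a single 'chunked'")
        return FramingVerdict(True, "chunked", None)

    if cl_values:
        # Repeated Content-Length is only tolerable if every copy agrees.
        if len(set(cl_values)) != 1:
            return FramingVerdict(False, "conflicting Content-Length values")
        value = cl_values[0]
        # Strictly ASCII digits: no sign, no whitespace, no comma lists.
        if not (value.isascii() and value.isdigit()):
            return FramingVerdict(False, "invalid Content-Length")
        return FramingVerdict(True, "content-length", int(value))

    return FramingVerdict(True, "no body", 0)


# Constructed sample requests (not captured traffic).
CLEAN = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
AMBIGUOUS = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
DUPLICATE_CL = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\nContent-Length: 6\r\n\r\nhello")

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("ambiguous", AMBIGUOUS),
                       ("duplicate-cl", DUPLICATE_CL)):
        print(label, check_framing(req))
```

The check is deliberately stricter than the RFC minimum: the RFC permits a server to honour Transfer-Encoding when both headers are present, but a boundary device (the SC-7 control listed below) that forwards such a request has to trust that every hop behind it makes the same choice, which is exactly the assumption CWE-444 breaks. Rejecting at the edge and logging the reason gives both the prevention and the detection signal.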

CWE(s)

CWE-444 HTTP Request/Response Smuggling

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

HTTP Request Smuggling in a public-facing web service directly enables exploitation of the application (T1190) to bypass controls or hijack requests.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-30151 (same product: Hcltech Bigfix Service Management)
CVE-2025-31973 (same product: Hcltech Bigfix Service Management)
CVE-2024-42172 (same vendor: Hcltech)
CVE-2025-55271 (same vendor: Hcltech)
CVE-2024-42168 (same vendor: Hcltech)
CVE-2025-62319 (same vendor: Hcltech)
CVE-2025-52628 (same vendor: Hcltech)
CVE-2025-55262 (same vendor: Hcltech)
CVE-2024-42175 (same vendor: Hcltech)
CVE-2026-40562 (shared CWE-444)

Affected Assets

Vendor: hcltech
Product: bigfix service management
Version: 23.0

Mitigating Controls (NIST 800-53 r5)

Prevent (vendor patch)

Directly remediates the HTTP request smuggling flaw in HCL BigFix Service Management by applying vendor patches from the HCL advisory to eliminate parsing inconsistencies.

Prevent / Detect (SC-7 Boundary Protection)

Monitors and controls HTTP communications at front-end boundaries to block or detect smuggled requests exploiting parsing discrepancies between front-end and back-end servers.

Prevent (CM-6 Configuration Settings)

Enforces standardized configuration settings on web servers for consistent HTTP parsing, preventing exploitation of front-end/back-end inconsistencies that lead to cache poisoning or request hijacking.
