Cyber Posture

CVE-2025-31958

Severity: Low

Published: 21 April 2026
Modified: 22 April 2026
KEV Added: not listed
CVSS Score: 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0004 (11.4th percentile)
Risk Priority: 7 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-31958 is a low-severity HTTP Request/Response Smuggling (CWE-444) vulnerability in HCL BigFix Service Management. Its CVSS v3.1 base score is 3.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 11.4th percentile by EPSS exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly remediates the HTTP request smuggling flaw in HCL BigFix Service Management by applying vendor patches from the HCL advisory to eliminate parsing inconsistencies.

Prevent / Detect: SC-7 (Boundary Protection) monitors and controls HTTP communications at front-end boundaries to block or detect smuggled requests exploiting parsing discrepancies between front-end and back-end servers.

Prevent: CM-6 (Configuration Settings) enforces standardized configuration settings on web servers for consistent HTTP parsing, preventing exploitation of front-end/back-end inconsistencies that lead to cache poisoning or request hijacking.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

HTTP Request Smuggling in a public-facing web service directly enables exploitation of the application (T1190) to bypass controls or hijack requests.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.

Deeper analysis

CVE-2025-31958 is an HTTP Request Smuggling vulnerability (CWE-444) affecting HCL BigFix Service Management. This issue stems from inconsistencies in HTTP request parsing when websites route requests through front-end and back-end web servers, enabling exploitation of parsing discrepancies.

Remote attackers require no privileges or user interaction to target systems over the network, though exploitation demands high attack complexity. Successful attacks allow bypassing security controls, with potential outcomes including cache poisoning or request hijacking, leading to low confidentiality impact as reflected in the CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

The HCL Software advisory provides details on mitigation at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209.

Details

CWE(s): CWE-444 (HTTP Request/Response Smuggling)

Affected Products: HCLTech BigFix Service Management 23.0

CVEs Like This One

CVE-2024-30151: same product (HCLTech BigFix Service Management)
CVE-2025-55262: same vendor (HCLTech)
CVE-2025-52628: same vendor (HCLTech)
CVE-2025-55271: same vendor (HCLTech)
CVE-2025-55267: same vendor (HCLTech)
CVE-2026-2833: shared CWE-444
CVE-2026-28368: shared CWE-444
CVE-2026-28369: shared CWE-444
CVE-2026-2332: shared CWE-444
CVE-2026-23527: shared CWE-444
