CVE-2025-31959

EPSS 0.03%
Veröffentlicht 06.05.2026 13:47:20
Zuletzt bearbeitet 07.05.2026 16:35:04
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.  This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Bigfix Service Management Version23.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.076

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@hcl.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-1230 Exposure of Sensitive Information Through Metadata

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-31959

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-31959

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-31959

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-31959