4.6

CVE-2025-31978

EPSS 0.03%
Veröffentlicht 06.05.2026 13:48:32
Zuletzt bearbeitet 07.05.2026 16:26:10
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL BigFix Service Management (SM) does not adequately sanitize or safely render

HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software. Note that current versions of Excel warn users of untrusted content.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Bigfix Service Management Version23.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.082

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@hcl.com	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-31978

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-31978

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-31978

EUVD