CVE-2025-31958— HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-31958
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
Source: NVD (National Vulnerability Database)
Vulnerability Description
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL BigFix Service Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL BigFix Service Management是印度HCL公司的一款IT服务管理与资产运营平台。 HCL BigFix Service Management存在安全漏洞,该漏洞源于HTTP请求夹带,可能导致攻击者绕过安全控制,执行缓存投毒或请求劫持等攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCLSoftware | BigFix Service Management (SM) | 23 | - |
II. Public POCs for CVE-2025-31958
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-31958
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: BigFix Service Management (SM)
- CVE-2024-30151
HCL BigFix Service Management (SM) is susceptible to Broken - CVE-2025-31960
HCL BigFix Service Management (SM) is vulnerable to informat - CVE-2025-31974
HCL BigFix Service Management (SM) is susceptible to a Root - CVE-2025-31975
HCL BigFix Service Management (SM) is affected by an Informa - CVE-2025-52613
HCL BigFix Service Management (SM) is affected by use of a v
Same vendor: HCLSoftware
- CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2025-31981
HCL BigFix Service Management (SM) Discovery is vulnerable t - CVE-2025-31991
HCL DevOps Velocity is susceptible to brute-force attacks - CVE-2026-21767
HCL BigFix Platform is affected by insufficient authenticati
Same weakness: CWE-444
- CVE-2026-40562
Gazelle versions through 0.49 for Perl allows HTTP Request S - CVE-2026-40561
Starlet versions through 0.31 for Perl allows HTTP Request S - CVE-2026-39805
CL.CL HTTP request smuggling via duplicate Content-Length in - CVE-2026-40560
Starman versions before 0.4018 for Perl allows HTTP Request - CVE-2026-41873
Pony Mail: Admin account takeover via request smuggling
V. Comments for CVE-2025-31958
No comments yet