CVE-2025-31978

CVSS Score & Metrics

Base Score

4.6 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N                                    

Vulnerability Description

HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software. Note that current versions of Excel warn users of untrusted content.

Vulnerability Details

Published Date

May 06, 2026

Last Modified

May 07, 2026

CWE ID

CWE-201

Source

NVD

Vendor

HCL Software

Product

BigFix Service Management (SM)

External References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment