CVE-2025-31951 · HIGH 8.8 · EPSS p15.8%

Description

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.25% probability of exploitation · percentile 15.8% · 2026-06-18T12:00:27Z
Published: 2026-05-06
Last modified: 2026-05-06

Underlying weaknesses · 3

CWE-77, CWE-351, CWE-451

References

  1. https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130444

Type | Target | Confidence | Tier
Weakness | Insufficient Type Distinction (cwe-351) | 0% | live
Weakness | User Interface (UI) Misrepresentation of Critical Information (cwe-451) | 0% | live
Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-62338
CVE: CVE-2025-31958
CVE: CVE-2025-31973
CVE: CVE-2025-31965
CVE: CVE-2025-52618
CVE: CVE-2025-52613
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.