CVE-2025-31958 · HIGH 8.2 · EPSS p7.5%

Description

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS: 0.18% probability of exploitation · percentile 7.5% · 2026-06-18T12:00:27Z
Published: 2026-04-21
Last modified: 2026-04-22

Underlying weaknesses · 1

CWE-444

References

  1. https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209

Type: Weakness
Target: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (cwe-444)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-31951
CVE-2025-31965
CVE-2025-52613
CVE-2025-31973
CVE-2025-62338
CVE-2026-21785

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.