
BigFix RunBookAI CVE-2025-31951

EUVD ID: EUVD-2025-209669
Severity: HIGH
Weakness: Command Injection (CWE-77)
Date: 2026-05-06
Vendor: HCL
GitHub Advisory: GHSA-w9jr-wh7w-mh6j
CVSS 3.1 base score: 8.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: May 06, 2026 - 14:00 (vuln.today)

Description (NVD)

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.

Analysis (AI)

Command injection in HCL BigFix RunBookAI 11.2 allows authenticated remote attackers to execute arbitrary operating system commands. The flaw stems from unvalidated input handling in a component that processes commands, which lets command-smuggling techniques bypass the existing input validation. HCL has released a vendor advisory (KB0130444) addressing the issue. The risk is significant given the product's role in IT automation and runbook orchestration across enterprise environments.

Technical Context (AI)

HCL BigFix RunBookAI is an IT automation and orchestration platform that executes runbooks and operational procedures across endpoint infrastructure. The vulnerability affects version 11.2 and is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command), commonly known as command injection. This class of flaw occurs when user-supplied input is passed to a system command interpreter without proper neutralization, so an attacker can append additional commands using shell metacharacters, command separators, or similar injection techniques. The affected CPE (cpe:2.3:a:hcl:bigfix_runbookai) points to the core application rather than a specific module, which suggests the input validation weakness may affect multiple command execution pathways within the automation framework.
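An added illustration of the CWE-77 pattern described above, written for this page and not taken from HCL's product or the advisory: a hypothetical runbook step that splices a parameter into a shell command string, the hardened form that validates the parameter against an allowlist and executes it without a shell, and an audit helper for the kind of command-log review the remediation section recommends. The hostnames, log lines and function names are constructed.

```python
"""Vulnerable vs. hardened handling of a runbook step parameter (CWE-77).

Hypothetical code: `unsafe_step`, `safe_step` and the log format are
constructed for illustration and are not RunBookAI's implementation."""
import re
import subprocess

# Allowlist for a hostname-style parameter: letters, digits, dot, hyphen.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

# Shell metacharacters whose presence in a parameter marks a smuggling attempt.
SHELL_META = set(";|&$`<>\n()")


def unsafe_step(target: str) -> str:
    """Vulnerable pattern: the parameter is spliced into a shell command
    string, so a '; ...' suffix in `target` becomes a second command."""
    cmd = f"echo Checking {target}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


def validate_param(target: str) -> bool:
    """Allowlist check: only hostname characters are accepted."""
    return HOSTNAME_RE.fullmatch(target) is not None


def safe_step(target: str) -> str:
    """Hardened form: allowlist validation plus argv execution, no shell.
    Without a shell, metacharacters are passed literally, never interpreted."""
    if not validate_param(target):
        raise ValueError(f"rejected runbook parameter: {target!r}")
    proc = subprocess.run(["echo", "Checking", target],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def flag_suspicious_params(log_lines):
    """Audit helper: return log lines whose param= value carries shell
    metacharacters, the signature of command smuggling in execution logs."""
    hits = []
    for line in log_lines:
        m = re.search(r"param=(.*)$", line)
        if m and SHELL_META & set(m.group(1)):
            hits.append(line)
    return hits


# Constructed sample log lines (not from any real RunBookAI deployment).
SAMPLE_LOG = [
    "2026-05-06T14:00:01Z user=ops step=check_host param=srv01",
    "2026-05-06T14:00:02Z user=ops step=check_host param=srv01; echo SMUGGLED",
    "2026-05-06T14:00:03Z user=ops step=check_host param=$(echo x)",
]
```

Running `unsafe_step("srv01; echo INJECTED")` prints two lines because the shell executes the smuggled second command, while `safe_step` rejects the same value before anything runs.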

Remediation (AI)

Apply the security update detailed in HCL Knowledge Base article KB0130444, available at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130444. The vendor advisory provides patch instructions specific to BigFix RunBookAI 11.2 deployments. Until patching is complete, implement compensating controls: restrict network access to the RunBookAI interface to trusted administrative networks only; enforce strict authentication and authorization policies for RunBookAI users to minimize the pool of credentials that could exploit this vulnerability; audit all command execution logs for suspicious patterns or unexpected system calls; and disable or restrict access to the vulnerable component if operationally feasible. Note that access restrictions will limit automation capabilities and may impact operational workflows, so coordinate with IT operations teams before implementing them.


CVE-2025-31951 vulnerability details – vuln.today
