
BigFix Service Management CVE-2025-31985

EUVD-2025-209904 | Severity: LOW
Information Exposure (CWE-200)
Published 2026-05-20 | Reporter: psirt@hcl.com | GHSA-9mgj-24rg-q4jp
CVSS 3.1 base score: 3.7

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low

Lifecycle Timeline

1. Analysis Generated: May 20, 2026 - 12:30 (vuln.today)

Description (NVD)

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.

Analysis (AI)

The missing X-Content-Type-Options response header in HCL BigFix Service Management (SM) leaves browsers free to MIME-sniff the application's responses, so malicious or ambiguously typed content served through the application could be misinterpreted and executed by a victim's browser. The CVSS score of 3.7 (Low) reflects genuine constraints: high attack complexity, a required low-privilege account, and mandatory user interaction all limit realistic exploitability. No public exploit code is known, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, consistent with its classification as a security misconfiguration rather than a critical flaw.

Technical Context (AI)

The X-Content-Type-Options HTTP response header, when set to 'nosniff', instructs browsers to honor the declared Content-Type strictly and refuse to perform MIME-type sniffing. Its absence from HCL BigFix Service Management responses lets browsers guess the content type of served resources, which can lead to cross-site-scripting-adjacent scenarios in which a file uploaded or delivered as a benign type (e.g., text/plain) is interpreted and executed as HTML or JavaScript. The root cause maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), reflecting that the misconfiguration expands the attack surface for information disclosure and content-injection side effects. No CPE strings were provided in the available data, so the precise affected version range is not independently confirmed from this source.

Remediation (AI)

The primary remediation is to apply the patch or configuration update described in HCL's advisory KB0128144, available at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144. An exact patched version number was not confirmed from the available data; consult the advisory directly to obtain the target upgrade version. As a compensating control pending patch application, administrators can configure the web server or reverse proxy fronting BigFix SM to inject the 'X-Content-Type-Options: nosniff' header on all responses; this can typically be done via Apache (Header always set X-Content-Type-Options nosniff), nginx (add_header X-Content-Type-Options nosniff always;), or IIS (HTTP Response Headers configuration). The `always` keyword matters in both Apache and nginx: without it the header is only added to successful responses, so error pages stay sniffable; and in nginx an add_header in a nested location block replaces, rather than extends, the add_header directives inherited from the enclosing level, so verify the header on every path. Adding this header at the proxy layer carries minimal side effects but does not address any underlying server-side issue; it should be treated as a temporary measure only.
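Whichever layer sets the header, the fix is only real if the browser actually receives 'X-Content-Type-Options: nosniff' on every response. The following audit script is an added example for this page, not code from HCL, NVD or vuln.today. It parses raw HTTP/1.1 response text, reports the header as ok, missing or insecure, and runs offline against three constructed sample responses; on a real deployment you would feed it responses captured from your own BigFix SM proxy (including 404 and 500 pages, where a missing `always` shows up).

```python
"""Audit raw HTTP responses for a missing or insecure X-Content-Type-Options header.

Added example for this page, not code from HCL, NVD or vuln.today. It contacts
no server: the SAMPLES below are constructed so the check runs offline.
"""
from __future__ import annotations

from dataclasses import dataclass

HEADER = "x-content-type-options"


@dataclass(frozen=True)
class Finding:
    status: str                 # "ok", "missing" or "insecure"
    values: tuple[str, ...]     # every X-Content-Type-Options token seen
    content_type: str | None    # declared Content-Type, kept for context


def parse_response(raw: str) -> tuple[str, dict[str, list[str]]]:
    """Split a raw HTTP/1.1 response into its status line and a header map.

    Field names are lower-cased because HTTP field names are case-insensitive;
    repeated fields are kept as a list so duplicates can be inspected.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            continue  # blank or malformed field line; ignore it
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def audit(raw: str) -> Finding:
    """Classify one response as ok / missing / insecure for MIME-sniffing protection."""
    _status_line, headers = parse_response(raw)
    ctype = headers.get("content-type", [None])[0]
    # A field may carry a comma-separated list; flatten so every token is checked.
    values = tuple(
        tok.strip() for field in headers.get(HEADER, []) for tok in field.split(",")
    )
    if not values:
        return Finding("missing", values, ctype)
    # Strict audit: the only value that disables sniffing is the token "nosniff"
    # (compared case-insensitively). Anything else, including a second conflicting
    # token, is reported as insecure instead of guessing how a browser resolves it.
    if all(v.lower() == "nosniff" for v in values):
        return Finding("ok", values, ctype)
    return Finding("insecure", values, ctype)


def audit_many(responses: dict[str, str]) -> dict[str, str]:
    """Run audit() over named responses and return name -> status for reporting."""
    return {name: audit(raw).status for name, raw in responses.items()}


# Constructed sample responses (not captured from any real system).
SAMPLES = {
    # No header at all: the condition the advisory describes.
    "unpatched": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "<html><body>looks like HTML but is declared text/plain</body></html>"
    ),
    # Header injected by a reverse proxy: the compensating control.
    "proxy_fixed": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/plain\r\n"
        "X-Content-Type-Options: nosniff\r\n"
        "\r\n"
        "plain text body"
    ),
    # Header present but with a value browsers do not recognise.
    "wrong_value": (
        "HTTP/1.1 404 Not Found\r\n"
        "content-type: text/html\r\n"
        "x-content-type-options: none\r\n"
        "\r\n"
        "<html>not found</html>"
    ),
}

if __name__ == "__main__":
    for name, status in audit_many(SAMPLES).items():
        print(f"{name:12s} {status}")
```

The audit is deliberately stricter than a browser: anything other than the single token `nosniff` is flagged, because a hardening check should fail closed rather than model each browser's parsing of odd values.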
