CVE-2025-31974 PUBLISHED

HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only

Assigner: HCL
Reserved: 01.04.2025 Published: 06.05.2026 Updated: 06.05.2026

HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow

unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
CVSS Score: 3.9

Product Status

Vendor HCL Software
Product BigFix Service Management (SM)
Versions Default: unaffected
  • Version 23 is affected

References

Problem Types

  • CWE-1188 Initialization of a resource with an insecure default CWE