Security Vulnerability Report
CVE-2025-31964 CVSS 2.2 LOW

CVE-2025-31964

Published: 2026-01-07 12:17:02
Last Modified: 2026-01-21 21:58:37

Description

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.

CVSS Details

CVSS Score: 2.2
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:4.2:*:*:*:*:*:*:* - VULNERABLE
HCL BigFix IVR < 4.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-31964 PoC - Service Binding Configuration Check
# This PoC demonstrates how to check for exposed administrative services
import socket
import sys


def check_port_exposure(host, port, service_name):
    """Check if a service port is exposed to external network"""
    try:
        # The context manager closes the socket on every path, including
        # the case where the connection attempt raises.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(5)
            # connect_ex returns 0 when the TCP handshake completes
            result = sock.connect_ex((host, port))
        if result == 0:
            print(f"[+] WARNING: {service_name} (port {port}) is exposed on {host}")
            return True
        print(f"[-] {service_name} (port {port}) is not accessible on {host}")
        return False
    except OSError as e:
        # Covers name-resolution failures and other socket-level errors
        print(f"[-] Error checking {service_name}: {e}")
        return False


def main():
    if len(sys.argv) < 2:
        print("Usage: python cve_2025_31964_poc.py <target_ip>")
        sys.exit(1)

    target = sys.argv[1]

    # Common BigFix IVR administrative ports to check
    admin_ports = [
        (8080, "BigFix IVR Web Console"),
        (8443, "BigFix IVR Secure Portal"),
        (52311, "BigFix IVR Root Server"),
    ]

    print(f"[*] Checking for exposed services on {target}...")
    print("[*] This PoC checks if administrative services are incorrectly bound to external interfaces")

    exposed = False
    for port, service in admin_ports:
        if check_port_exposure(target, port, service):
            exposed = True

    if exposed:
        print("\n[!] Potential CVE-2025-31964 vulnerability detected!")
        print("[!] Administrative services appear to be exposed to external network")
    else:
        print("\n[*] No exposed administrative services detected")


if __name__ == "__main__":
    main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-31964", "sourceIdentifier": "[email protected]", "published": "2026-01-07T12:17:01.993", "lastModified": "2026-01-21T21:58:36.643", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.2, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.7, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-419"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:4.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"0CDB58BE-0D8B-4F78-8D21-0B9B70D2B5A0"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}