Security Vulnerability Report
CVE-2025-31973 CVSS 4.0 MEDIUM

Published: 2026-05-20 12:16:21
Last Modified: 2026-05-20 19:11:42

Description

HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment.

CVSS Details

CVSS Score: 4.0
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:hcltech:bigfix_service_management:23.0:*:*:*:*:*:*:* - VULNERABLE
HCL BigFix Service Management (SM) (for the specific affected versions, see vendor advisory KB0128144)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# PoC to demonstrate checking for insecure base image version
# This script checks the OS version of a running container to identify outdated bases.

TARGET_CONTAINER=$1

if [ -z "$TARGET_CONTAINER" ]; then
    echo "Usage: $0 <container_id_or_name>"
    exit 1
fi

echo "[+] Checking base image OS info for container: $TARGET_CONTAINER"
docker exec "$TARGET_CONTAINER" cat /etc/os-release

echo "[+] Checking image history to identify layers..."
# docker history takes an image, not a container: resolve the container's image ID first.
IMAGE_ID=$(docker inspect --format '{{.Image}}' "$TARGET_CONTAINER") || exit 1
docker history "$IMAGE_ID"

echo "[+] PoC Complete. Verify if the OS version matches known vulnerable baselines."

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-31973", "sourceIdentifier": "[email protected]", "published": "2026-05-20T12:16:20.527", "lastModified": "2026-05-20T19:11:42.040", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "baseScore": 4.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.6, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_service_management:23.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D915AC1-7C2B-497D-9A77-9726954B2282"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}