HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .
PUBLISHED5.2CWE-1230
HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.
Problem type
Affected products
HCL Software
BigFix Service Management (SM)
23 - AFFECTED
References
support.hcl-software.com
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144
GitHub Security Advisories
GHSA-4w64-m6x6-926r
HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images....
https://github.com/advisories/GHSA-4w64-m6x6-926rHCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-31959Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-31959",
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"dateUpdated": "2026-05-06T14:47:52.965Z",
"dateReserved": "2025-04-01T18:46:19.517Z",
"datePublished": "2026-05-06T13:47:20.437Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL",
"dateUpdated": "2026-05-06T13:47:20.437Z"
},
"datePublic": "2026-05-06T16:15:00.000Z",
"title": "HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.",
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<span>HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .</span>"
}
]
}
],
"affected": [
{
"vendor": "HCL Software",
"product": "BigFix Service Management (SM)",
"defaultStatus": "unaffected",
"versions": [
{
"version": "23",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-1230: Exposure of Sensitive Information Through Metadata.",
"cweId": "CWE-1230",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-05-06T14:47:52.965Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}