CVE-2025-31959 | THREATINT

Description

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .

PUBLISHED Reserved 2025-04-01 | Published 2026-05-06 | Updated 2026-05-06 | Assigner HCL

LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Problem types

CWE-1230: Exposure of Sensitive Information Through Metadata.

Product status

Default status

unaffected

affected

References

support.hcl-software.com/...rticle&sysparm_article=KB0128144

cve.org (CVE-2025-31959)

nvd.nist.gov (CVE-2025-31959)

Download JSON