CVE-2025-15634

MEDIUM

HCL BigFix WebUI is affected by a missing authorization vulnerability

Title source: cna

Description

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

References (1)

Core 1

Core References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130587

Scores

CVSS v3 4.3

EPSS 0.0002

EPSS Percentile 7.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (22)

HCLSoftware/BigFix WebUI all versions

hcltech/bigfix_webui_api < 33

hcltech/bigfix_webui_application_administration < 40

hcltech/bigfix_webui_cmep < 22

hcltech/bigfix_webui_common < 101

hcltech/bigfix_webui_content_app < 28

hcltech/bigfix_webui_custom < 50

hcltech/bigfix_webui_data_sync < 37

hcltech/bigfix_webui_extensions < 14

hcltech/bigfix_webui_framework < 35

... and 12 more

Published May 09, 2026

Tracked Since May 09, 2026