CVE-2025-62338

LOW

The HCL BigFix Cloud Lifecycle Management is affected by Lack of Input Validation.

Title source: cna

Description

HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure.

References (1)

Core 1

Core References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130802

Scores

CVSS v3 3.3

EPSS 0.0010

EPSS Percentile 1.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (2)

HCL/BigFix Cloud Lifecycle Management 10.9.1 and 10.9.2

HCLSoftware/BigFix Cloud Lifecycle Management 10.9.1 and 10.9.2

Published Jun 04, 2026

Tracked Since Jun 04, 2026