CVE-2025-15634

MEDIUM EPSS 7.7%

Published May 9, 20261mo ago · Modified Jun 17, 20261w ago

5.3 CVSS 4.0

Medium

Published May 9, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

CVSS Details

Base Score

5.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

7.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 21

Vendor	Product	Version	Range
hcltech	bigfix_webui_api	*	<33
hcltech	bigfix_webui_application_administration	*	<40
hcltech	bigfix_webui_cmep	*	<22
hcltech	bigfix_webui_common	*	<101
hcltech	bigfix_webui_content_app	*	<28
hcltech	bigfix_webui_custom	*	<50
hcltech	bigfix_webui_data_sync	*	<37
hcltech	bigfix_webui_extensions	*	<14
hcltech	bigfix_webui_framework	*	<35
hcltech	bigfix_webui_insights	*	<32
hcltech	bigfix_webui_ivr	*	<23
hcltech	bigfix_webui_mdm	*	<29
hcltech	bigfix_webui_patch	*	<54
hcltech	bigfix_webui_patch_policies	*	<51
hcltech	bigfix_webui_permissions_and_preferences	*	<27
hcltech	bigfix_webui_profile_management	*	<33
hcltech	bigfix_webui_query	*	<45
hcltech	bigfix_webui_reports	*	<24
hcltech	bigfix_webui_scm	*	<20
hcltech	bigfix_webui_software_distribution	*	<54
hcltech	bigfix_webui_take_action	*	<37

References 1

support.hcl-software.com https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130587

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.