CVE-2025-52602

MEDIUM EPSS 3.6%

Published Nov 5, 20257mo ago · Modified Jun 17, 20261w ago

4.2 CVSS 3.1

Medium

Published Nov 5, 2025 7mo ago

Last Modified Jun 17, 2026 1w ago

Description

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks.

CVSS Details

Base Score

4.2

Exploitability

1.6

Impact

2.5

Vector string

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

3.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-359

References 1

support.hcl-software.com https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124950

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.