CVE-2025-15634

Published May 9, 2026

Last updated 3 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-15634 describes a missing authorization vulnerability found within HCL BigFix WebUI. This flaw allows an authenticated user, even one without the necessary permissions, to access sensitive environmental information. This access is achieved by directly navigating to unauthorized pages through their specific URLs. The vulnerability impacts all versions of HCL BigFix WebUI. As of the current information, there is no official patch or remediation provided by the vendor, and no exploits are publicly reported in the wild.

Description: A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.
Source: psirt@hcl.com
NVD status: Received

Risk scores

CVSS 4.0

Type: Secondary
Base score: 5.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

Weaknesses

psirt@hcl.com: CWE-862

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

References