Improper Authorization in HCL BigFix WebUI Affects User Data Access
CVE-2025-15633

5.3MEDIUM

Key Information:

Vendor: HCL Softwaresoftware
Status: Bigfix Webui
Vendor: CVE Published:; 9 May 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2025-15633?

An improper authorization vulnerability in HCL BigFix WebUI enables authenticated users without Master Operator privileges to gain unauthorized access to sensitive internal data. This includes site names, software versions, and configuration variables through unprotected endpoints that lack sufficient security headers. The vulnerability underlines the importance of implementing robust authorization mechanisms and adequate security measures for web applications.

Affected Version(s)

BigFix WebUI all versions

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2025-15633 Data

JSON