Missing Authorization Vulnerability in HCL BigFix WebUI
CVE-2025-15634

5.3MEDIUM

Key Information:

Vendor: HCL Softwaresoftware
Status: Bigfix Webui
Vendor: CVE Published:; 9 May 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2025-15634?

An authenticated user is able to access sensitive environmental details without the appropriate permissions due to a missing authorization check in the HCL BigFix WebUI. By utilizing direct URLs, users can inadvertently retrieve data that should be restricted, posing a risk to the confidentiality of the system's information resources. This vulnerability emphasizes the importance of implementing robust access controls to safeguard sensitive data from unauthorized access.

Affected Version(s)

BigFix WebUI all versions

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2025-15634 Data

JSON