Improper Access Control in HCL BigFix Remote Control Server WebUI
CVE-2025-31965

8.2 HIGH

Key Information:

Vendor
CVE Published: 29 July 2025

What is CVE-2025-31965?

The HCL BigFix Remote Control Server WebUI does not properly restrict access to certain web pages. Non-administrative users can view information on those pages that they are not authorized to see, potentially leading to exposure of sensitive data and unauthorized actions within the application. This vulnerability emphasizes the importance of strict access controls in web applications to safeguard against unauthorized information disclosure.

Affected Version(s)

BigFix Remote Control <=10.1.0.0248

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
