Sensitive Information Disclosure in HCL BigFix Query WebUI
CVE-2025-52602
4.2 MEDIUM
What is CVE-2025-52602?
The WebUI Query application in HCL BigFix Query is susceptible to sensitive information disclosure via its HTTP GET endpoint. This vulnerability allows attackers to retrieve responses that may inadvertently reveal critical data such as group names and active user identifiers. By leveraging this exposed information, malicious actors could conduct targeted phishing or social engineering attacks, putting organizations and individuals at risk. Remediation is essential to safeguard user data and maintain system integrity.
Affected Version(s)
BigFix Query site version < 43
CVSS V3.1
Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
