Sensitive Information Disclosure in HCL BigFix Query WebUI
CVE-2025-52602
4.2 MEDIUM
What is CVE-2025-52602?
The WebUI Query application in HCL BigFix Query is vulnerable to sensitive information disclosure through its HTTP GET endpoint. Responses retrieved from this endpoint may inadvertently reveal critical data such as group names and active user identifiers. Malicious actors could use this exposed information to conduct targeted phishing or social engineering attacks, putting organizations and individuals at risk. Remediation is essential to safeguard user data and maintain system integrity.
Affected Version(s)
BigFix Query < 4.11.0
