Host Header Poisoning Vulnerability in BigFix WebUI by HCL Software
CVE-2025-52647

6.1MEDIUM

Key Information:

Vendor: HCL Software Software
Status: Bigfix Webui
Vendor: CVE Published:; 10 October 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-52647?

The BigFix WebUI application is susceptible to Host Header Poisoning attacks due to the improper handling of HOST information from the HTTP header field. Attackers could exploit this vulnerability to manipulate the server's response, potentially leading to misdirection or other malicious activities. It’s crucial for users to take proactive measures to secure their applications against such vulnerabilities to maintain the integrity and availability of their systems. For further information, please refer to HCL Software's official guidance.

Affected Version(s)

BigFix WebUI v11

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Jun 18, 2025

JSON