Improper Content Security Policy in HCL BigFix Remote Control Lite
CVE-2025-59849

4.7MEDIUM

Key Information:

Vendor: HCL Software Software
Status: Bigfix Remote Control
Vendor: CVE Published:; 17 December 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-59849?

The HCL BigFix Remote Control Lite Web Portal has a vulnerability due to improper management of the Content Security Policy. This flaw may allow attackers to execute malicious scripts on web pages, potentially compromising the integrity and security of user data. Organizations utilizing affected versions are advised to review security configurations and apply the necessary patches to mitigate this risk.

Affected Version(s)

BigFix Remote Control <= 10.1.0.0326

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Sep 22, 2025

JSON