CVE-2025-15634

medium

Published 2026-05-09 · Modified 2026-05-14

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4 NEW

5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

VIR risk

4.3

Description

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

Predictions

Exploit likelihood

53%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions	Fixed
hcltech	bigfix_webui_api	`{"endExcluding":"33"}`	`33`
hcltech	bigfix_webui_application_administration	`{"endExcluding":"40"}`	`40`
hcltech	bigfix_webui_cmep	`{"endExcluding":"22"}`	`22`
hcltech	bigfix_webui_common	`{"endExcluding":"101"}`	`101`
hcltech	bigfix_webui_content_app	`{"endExcluding":"28"}`	`28`
hcltech	bigfix_webui_custom	`{"endExcluding":"50"}`	`50`
hcltech	bigfix_webui_data_sync	`{"endExcluding":"37"}`	`37`
hcltech	bigfix_webui_extensions	`{"endExcluding":"14"}`	`14`
hcltech	bigfix_webui_framework	`{"endExcluding":"35"}`	`35`
hcltech	bigfix_webui_insights	`{"endExcluding":"32"}`	`32`
hcltech	bigfix_webui_ivr	`{"endExcluding":"23"}`	`23`
hcltech	bigfix_webui_mdm	`{"endExcluding":"29"}`	`29`
hcltech	bigfix_webui_patch	`{"endExcluding":"54"}`	`54`
hcltech	bigfix_webui_patch_policies	`{"endExcluding":"51"}`	`51`
hcltech	bigfix_webui_permissions_and_preferences	`{"endExcluding":"27"}`	`27`
hcltech	bigfix_webui_profile_management	`{"endExcluding":"33"}`	`33`
hcltech	bigfix_webui_query	`{"endExcluding":"45"}`	`45`
hcltech	bigfix_webui_reports	`{"endExcluding":"24"}`	`24`
hcltech	bigfix_webui_scm	`{"endExcluding":"20"}`	`20`
hcltech	bigfix_webui_software_distribution	`{"endExcluding":"54"}`	`54`
hcltech	bigfix_webui_take_action	`{"endExcluding":"37"}`	`37`

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130587

CWEs

CWE-862

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.