Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025

HCL BigFix Modern Client Management (MCM) is affected by an insecure Content Security Policy (CSP)

CVE-2025-0276

Description

HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.

Affected products

HCL Software/BigFix Modern Client Management (MCM)llm-create
Range: <=3.3
HCL Software/BigFix Modern Client Managementv5
Range: <=3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.hcl-software.com/csmmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000