Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025

HCL BigFix Mobile is affected by an insecure Content Security Policy (CSP)

CVE-2025-0277

Description

HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.

Affected products

HCL Software/BigFix Mobilellm-create
Range: <=3.3
HCL Software/BigFix Mobilev5
Range: <=3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.hcl-software.com/csmmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000