Medium severity4.3NVD Advisory· Published May 9, 2026· Updated May 14, 2026

CVE-2025-15634

Description

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

Affected products

HCLTech/Bigfix Webui Api
cpe:2.3:a:hcltech:bigfix_webui_api:*:*:*:*:*:*:*:*
Range: <33
HCLTech/Bigfix Webui Application Administration
cpe:2.3:a:hcltech:bigfix_webui_application_administration:*:*:*:*:*:*:*:*
Range: <40
HCLTech/Bigfix Webui Cmep
cpe:2.3:a:hcltech:bigfix_webui_cmep:*:*:*:*:*:*:*:*
Range: <22
HCLTech/Bigfix Webui Common
cpe:2.3:a:hcltech:bigfix_webui_common:*:*:*:*:*:*:*:*
Range: <101
HCLTech/Bigfix Webui Content App
cpe:2.3:a:hcltech:bigfix_webui_content_app:*:*:*:*:*:*:*:*
Range: <28
HCLTech/Bigfix Webui Custom
cpe:2.3:a:hcltech:bigfix_webui_custom:*:*:*:*:*:*:*:*
Range: <50
HCLTech/Bigfix Webui Data Sync
cpe:2.3:a:hcltech:bigfix_webui_data_sync:*:*:*:*:*:*:*:*
Range: <37
HCLTech/Bigfix Webui Extensions
cpe:2.3:a:hcltech:bigfix_webui_extensions:*:*:*:*:*:*:*:*
Range: <14
HCLTech/Bigfix Webui Framework
cpe:2.3:a:hcltech:bigfix_webui_framework:*:*:*:*:*:*:*:*
Range: <35
HCLTech/Bigfix Webui Insights
cpe:2.3:a:hcltech:bigfix_webui_insights:*:*:*:*:*:*:*:*
Range: <32
HCLTech/Bigfix Webui Ivr
cpe:2.3:a:hcltech:bigfix_webui_ivr:*:*:*:*:*:*:*:*
Range: <23
HCLTech/Bigfix Webui Mdm
cpe:2.3:a:hcltech:bigfix_webui_mdm:*:*:*:*:*:*:*:*
Range: <29
HCLTech/Bigfix Webui Patch
cpe:2.3:a:hcltech:bigfix_webui_patch:*:*:*:*:*:*:*:*
Range: <54
HCLTech/Bigfix Webui Patch Policies
cpe:2.3:a:hcltech:bigfix_webui_patch_policies:*:*:*:*:*:*:*:*
Range: <51
HCLTech/Bigfix Webui Permissions And Preferences
cpe:2.3:a:hcltech:bigfix_webui_permissions_and_preferences:*:*:*:*:*:*:*:*
Range: <27
HCLTech/Bigfix Webui Profile Management
cpe:2.3:a:hcltech:bigfix_webui_profile_management:*:*:*:*:*:*:*:*
Range: <33
HCLTech/Bigfix Webui Query
cpe:2.3:a:hcltech:bigfix_webui_query:*:*:*:*:*:*:*:*
Range: <45
HCLTech/Bigfix Webui Reports
cpe:2.3:a:hcltech:bigfix_webui_reports:*:*:*:*:*:*:*:*
Range: <24
HCLTech/Bigfix Webui Scm
cpe:2.3:a:hcltech:bigfix_webui_scm:*:*:*:*:*:*:*:*
Range: <20
HCLTech/Bigfix Webui Software Distribution
cpe:2.3:a:hcltech:bigfix_webui_software_distribution:*:*:*:*:*:*:*:*
Range: <54
HCLTech/Bigfix Webui Take Action
cpe:2.3:a:hcltech:bigfix_webui_take_action:*:*:*:*:*:*:*:*
Range: <37

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.hcl-software.com/csmnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000