CVE-2025-52602

Summary

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application.  An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs).  An attacker can use that information to target individuals with phishing or other social-engineering attacks.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareBigFix Querysite version < 43affected

Weaknesses

  • CWE-359: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References