CVE-2025-52622

Summary

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareBigFix SaaS Remediate0affected

Weaknesses

  • CWE-1188: CWE-1188 Initialization of a Resource with an Insecure Default

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References