CVE-2025-52647

Summary

The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareBigFix WebUIv11affected

Weaknesses

  • CWE-644: CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References