MEDIUM · 6.5

CVE-2025-15633

Vulnerability Description

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Hcltech | Bigfix Webui Api | < 33 |
| Hcltech | Bigfix Webui Application Administration | < 40 |
| Hcltech | Bigfix Webui Cmep | < 22 |
| Hcltech | Bigfix Webui Common | < 101 |
| Hcltech | Bigfix Webui Content App | < 28 |
| Hcltech | Bigfix Webui Custom | < 50 |
| Hcltech | Bigfix Webui Data Sync | < 37 |
| Hcltech | Bigfix Webui Extensions | < 14 |
| Hcltech | Bigfix Webui Framework | < 35 |
| Hcltech | Bigfix Webui Insights | < 32 |
| Hcltech | Bigfix Webui Ivr | < 23 |
| Hcltech | Bigfix Webui Mdm | < 29 |
| Hcltech | Bigfix Webui Patch | < 54 |
| Hcltech | Bigfix Webui Patch Policies | < 51 |
| Hcltech | Bigfix Webui Permissions And Preferences | < 27 |
| Hcltech | Bigfix Webui Profile Management | < 33 |
| Hcltech | Bigfix Webui Query | < 45 |
| Hcltech | Bigfix Webui Reports | < 24 |
| Hcltech | Bigfix Webui Scm | < 20 |
| Hcltech | Bigfix Webui Software Distribution | < 54 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-15633?

CVE-2025-15633 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) ...

How severe is CVE-2025-15633?

CVE-2025-15633 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2025-15633?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Bigfix Webui Api, Hcltech Bigfix Webui Application Administration, Hcltech Bigfix Webui Cmep, Hcltech Bigfix Webui Common, Hcltech Bigfix Webui Content App.