CVE-2025-15633— HCL BigFix WebUI is affected by an improper authorization vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-15633
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL BigFix WebUI is affected by an improper authorization vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL BigFix WebUI 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL BigFix WebUI是印度HCL公司的一个基于网页的管理页面。 HCL BigFix WebUI存在安全漏洞,该漏洞源于授权不当,可能导致经过身份验证且无Master Operator权限的用户通过缺乏安全标头的未保护端点访问内部数据并绕过权限要求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCLSoftware | BigFix WebUI | all versions | - |
II. Public POCs for CVE-2025-15633
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-15633
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: HCLSoftware
- CVE-2026-21821
HCL BigFix SCM Reporting is affected by vulnerabilities in j - CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2025-31981
HCL BigFix Service Management (SM) Discovery is vulnerable t - CVE-2025-31958
HCL BigFix Service Management (SM) is susceptible to HTTP Re - CVE-2025-31991
HCL DevOps Velocity is susceptible to brute-force attacks
Same weakness: CWE-863
- CVE-2026-45316
Open WebUI: Read-Only Users Can Toggle Note Pin Status via I - CVE-2026-44567
Open WebUI: Open WebUI Improper Authorization Control - CVE-2026-45672
Open WebUI: Jupyter code execution works despite `ENABLE_COD - CVE-2026-44557
Open WebUI: Global Knowledge Base Enumeration via knowledge- - CVE-2026-44561
Open WebUI: Deactivated Channel Members Retain Full Access t
V. Comments for CVE-2025-15633
No comments yet