CVE-2025-52602— HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application

CVSS 4.2 · Medium EPSS 0.03% · P8 Updated Nov 14, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-52602

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application

Source: NVD (National Vulnerability Database)

Vulnerability Description

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

侵犯隐私

Source: NVD (National Vulnerability Database)

Vulnerability Title

HCL BigFix Query 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

HCL BigFix Query是印度HCL公司的一个实时查询和收集系统状态数据的模块。 HCL BigFix Query存在安全漏洞，该漏洞源于WebUI Query应用程序中的HTTP GET端点请求返回可发现的响应，可能泄露组名和活动用户名或ID，攻击者可利用该信息进行钓鱼或其他社会工程攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
HCL Software	BigFix Query	site version < 43	-

II. Public POCs for CVE-2025-52602

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-52602

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-52602

Same Patch Batch · HCL Software · 2025-11-05 · 3 CVEs total

CVE-2025-55278	8.1 HIGH	HCL DevOps Loop is susceptible to an improper authentication vulnerability
CVE-2025-31954	5.4 MEDIUM	HCL iAutomate is susceptible to a sensitive information disclosure

IV. Related Vulnerabilities

Same vendor: HCL Software

Same weakness: CWE-359

V. Comments for CVE-2025-52602

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-52602— HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application

I. Basic Information for CVE-2025-52602

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-52602

III. Intelligence Information for CVE-2025-52602

Same Patch Batch · HCL Software · 2025-11-05 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-52602

Leave a comment