CVE-2025-52621— HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-52621
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning
Source: NVD (National Vulnerability Database)
Vulnerability Description
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
源验证错误
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL BigFix SaaS Authentication Service 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL BigFix SaaS Authentication Service是印度HCL公司的一个端点管理平台。 HCL BigFix SaaS Authentication Service存在安全漏洞,该漏洞源于未验证Origin标头值,可能导致缓存投毒。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCL Software | BigFix SaaS Remediate | < 8.1.14 | - |
II. Public POCs for CVE-2025-52621
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-52621
请登录查看更多情报信息。
Same Patch Batch · HCL Software · 2025-08-15 · 5 CVEs total
| CVE-2025-52619 | 5.3 MEDIUM | HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure |
| CVE-2025-52618 | 4.3 MEDIUM | HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability |
| CVE-2025-52620 | 4.3 MEDIUM | HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnera |
| CVE-2025-31961 | 3.7 LOW | HCL Connections is vulnerable to broken access control |
IV. Related Vulnerabilities
Same product: BigFix SaaS Remediate
Same vendor: HCL Software
- CVE-2025-31974
HCL BigFix Service Management (SM) is susceptible to a Root - CVE-2025-31976
HCL BigFix Service Management (SM) is vulnerable to insuffic - CVE-2025-31978
HCL BigFix Service Management (SM) does not adequately sanit - CVE-2025-31959
HCL BigFix Service Management (SM) application fails to stri - CVE-2025-31982
HCL BigFix Service Management (SM) had directories that were
Same weakness: CWE-346
- CVE-2026-6508
RCE in TUBITAK BILGEM's Liderahenk - CVE-2026-43870
Apache Thrift: Node.js web_server.js multi-vulnerability - CVE-2026-7439
AgentFlow Local Web API Content-Type Validation Bypass - CVE-2026-41398
OpenClaw - Unauthorized Agent Request Dispatch via Untrusted - CVE-2026-41393
OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance an
V. Comments for CVE-2025-52621
No comments yet