{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52602", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:00:38.417Z", "datePublished": "2025-11-05T14:46:46.537Z", "dateUpdated": "2025-11-12T17:41:31.409Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BigFix Query", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "site version < 43"}]}], "datePublic": "2025-11-05T14:45:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. &nbsp;An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). &nbsp;An attacker can use that information to target individuals with phishing or other social-engineering attacks.<br></p><br>"}], "value": "HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. \u00a0An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). \u00a0An attacker can use that information to target individuals with phishing or other social-engineering attacks."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-11-12T17:41:31.409Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124950"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-05T18:57:56.925811Z", "id": "CVE-2025-52602", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T18:58:08.387Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52602", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-05T18:57:56.925811Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T18:58:01.611Z"}}], "cna": {"title": "HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "BigFix Query", "versions": [{"status": "affected", "version": "site version < 43"}], "defaultStatus": "unaffected"}], "datePublic": "2025-11-05T14:45:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124950"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. \u00a0An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). \u00a0An attacker can use that information to target individuals with phishing or other social-engineering attacks.", "supportingMedia": [{"type": "text/html", "value": "<p>HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. &nbsp;An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). &nbsp;An attacker can use that information to target individuals with phishing or other social-engineering attacks.<br></p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-11-12T17:41:31.409Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52602", "state": "PUBLISHED", "dateUpdated": "2025-11-12T17:41:31.409Z", "dateReserved": "2025-06-18T14:00:38.417Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2025-11-05T14:46:46.537Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. \u00a0An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). \u00a0An attacker can use that information to target individuals with phishing or other social-engineering attacks."}, {"lang": "es", "value": "HCL BigFix Query se ve afectado por una divulgaci\u00f3n de informaci\u00f3n de informaci\u00f3n sensible en la aplicaci\u00f3n WebUI Query. Una solicitud de punto final HTTP GET devuelve respuestas detectables que pueden revelar: nombres de grupo, nombres de usuario activos (o ID). Un atacante puede usar esa informaci\u00f3n para atacar a individuos con phishing u otros ataques de ingenier\u00eda social."}], "id": "CVE-2025-52602", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2025-11-05T15:15:39.337", "references": [{"source": "psirt@hcl.com", "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124950"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"created": "2025-11-06T10:07:01.787576+00:00", "updated": "2025-11-06T10:07:01.787612+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$bigfix_query"]}