CVE-2025-15633

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 09, 2026

Vendor unknown

Description

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130587