CVE-2025-52602 | HCL BigFix Query up to 4.10.x HTTP GET Endpoint exposure of private personal information to an unauthorized actor (KB0124950)

Inserito da Angelo Barbosa | Nov 5, 2025 | CVE

A vulnerability, which was classified as problematic, was found in HCL BigFix Query up to 4.10.x. Impacted is an unknown function of the component HTTP GET Endpoint. Executing manipulation can lead to exposure of private personal information to an unauthorized actor.

This vulnerability is registered as CVE-2025-52602. It is possible to launch the attack remotely. No exploit is available.

You should upgrade the affected component.

CVE-2025-52602 | HCL BigFix Query up to 4.10.x HTTP GET Endpoint exposure of private personal information to an unauthorized actor (KB0124950)

Post correlati

CVE-2025-4018 | 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 CrawlController.java addCrawlSource missing authentication

CVE-2023-52329 | Trend Micro Apex Central cross site scripting

CVE-2024-36122 | Discourse up to 3.2.2/3.3.0.beta3 Setting information disclosure

CVE-2023-51678 | Doofinder for WooCommerce Plugin up to 2.0.33 on WordPress AJAX Action authorization