CVE-2025-52621

EPSS 0.02%
Veröffentlicht 15.08.2025 22:45:55
Zuletzt bearbeitet 29.10.2025 20:24:07
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.   The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Bigfix Saas Version < 8.1.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.049

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
psirt@hcl.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-52621

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52621

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52621

EUVD