MEDIUM
Score: 4.2/10
Vulnerability Summary
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks.
Technical Analysis
- CVE ID: CVE-2025-52602
- Published: 2025-11-05T15:15:39.337
- Status: Active
How to Fix & Protect
The primary mitigation is to update the affected software immediately. Check the vendor's official security advisory for the latest patch.
Mitigation: If a patch is not available, restrict network access to the vulnerable component or disable the service.