HCL BigFix Remote Control is vulnerable to an insecure CSP...

4.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

Basic Information

ID CVE-2025-59849

Source HCL

Published Dec 17, 2025 at 20:28

Modified Dec 17, 2025 at 20:45

Affected Product

Vendor HCL Software

Product BigFix Remote Control

Version <= 10.1.0.0326

Affected Versions HCL Software BigFix Remote Control <= 10.1.0.0326

CWE Classification

CWE-1021 CWE-693

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.",
    "published": "2025-12-17T20:28:22.768Z",
    "modified": "2025-12-17T20:45:21.930Z",
    "type": "cve",
    "title": "HCL BigFix Remote Control is vulnerable to an insecure CSP configuration",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332",
    "id": "CVE-2025-59849",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1021",
        "CWE-693"
    ],
    "cvelist": null,
    "sourceData": "HCL Software BigFix Remote Control <= 10.1.0.0326",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigFix Remote Control",
    "version": "<= 10.1.0.0326",
    "vendor": "HCL Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL BigFix Remote Control is vulnerable to an insecure CSP configuration_CVE-2025-59849