HCL BigFix WebUI Missing Auth Env Data Disclosure
CVE-2025-15634 Published on May 9, 2026

HCL BigFix WebUI is affected by a missing authorization vulnerability
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2025-15634 has been classified to as an AuthZ vulnerability or weakness.

Affected Versions

HCLSoftware BigFix WebUI Version all versions is affected by CVE-2025-15634

Exploit Probability

EPSS

0.02%

Percentile

7.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

HCL BigFix WebUI Missing Auth Env Data DisclosureCVE-2025-15634 Published on May 9, 2026

Weakness Type

What is an AuthZ Vulnerability?

Affected Versions

Exploit Probability

HCL BigFix WebUI Missing Auth Env Data Disclosure
CVE-2025-15634 Published on May 9, 2026