CVE-2025-52619 - Vulnerability Details - OpenCVE

HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Hcltech	Bigfix Saas

No data.

No data.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330

History

Mon, 18 Aug 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 16 Aug 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltech Hcltech bigfix Saas
Vendors & Products		Hcltech Hcltech bigfix Saas

Fri, 15 Aug 2025 23:00:00 +0000

Type	Values Removed	Values Added
Description		HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.
Title		HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure
Weaknesses		CWE-209
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2025-08-15T22:48:40.096Z

Updated: 2025-08-18T14:51:20.516Z

Reserved: 2025-06-18T14:00:40.357Z

Link: CVE-2025-52619

Vulnrichment

Updated: 2025-08-18T14:51:15.732Z

NVD

Status : Awaiting Analysis

Published: 2025-08-15T23:15:26.343

Modified: 2025-08-18T20:16:28.750

Link: CVE-2025-52619

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52619", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:00:40.357Z", "datePublished": "2025-08-15T22:48:40.096Z", "dateUpdated": "2025-08-18T14:51:20.516Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BigFix SaaS Remediate", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "< 8.1.14"}]}], "datePublic": "2025-08-15T22:45:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.<br>"}], "value": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-08-15T22:48:40.096Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-18T14:51:02.433523Z", "id": "CVE-2025-52619", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-18T14:51:20.516Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-18T14:51:02.433523Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-18T14:51:15.732Z"}}], "cna": {"title": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "BigFix SaaS Remediate", "versions": [{"status": "affected", "version": "< 8.1.14"}], "defaultStatus": "unaffected"}], "datePublic": "2025-08-15T22:45:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.", "supportingMedia": [{"type": "text/html", "value": "HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-08-15T22:48:40.096Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52619", "state": "PUBLISHED", "dateUpdated": "2025-08-18T14:51:20.516Z", "dateReserved": "2025-06-18T14:00:40.357Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2025-08-15T22:48:40.096Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}