CVE-2025-55254
Unknown
Unknown - Not Provided
Path-Relative Stylesheet Import Flaw in HCL BigFix Enables Code Execution
Publication date: 2025-12-17
Last updated on: 2025-12-17
Assigner: HCL Software
Description
Description
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | bigfix_remote_control_lite_web_portal | 10.1.0.0326 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper management of path-relative stylesheet imports in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower), which may allow an attacker to execute malicious code on certain web pages.
How can this vulnerability impact me? :
The vulnerability may allow an attacker to execute malicious code on certain web pages, potentially leading to unauthorized actions or compromise of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70