CVE-2025-52613
WSGI Server Vulnerability in HCL BigFix Service Management
Publication date: 2026-05-06
Last updated on: 2026-05-07
Assigner: HCL Software
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | bigfix_service_management | 23.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
HCL BigFix Service Management (SM) uses a WSGI server that is vulnerable because it is outdated or insecure. This means the application may have known security weaknesses that attackers could exploit.
Deploying such a vulnerable WSGI server increases the risk of unauthorized access and exploitation of the application.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to the HCL BigFix Service Management application.
It may allow attackers to exploit known security weaknesses, potentially compromising confidentiality, integrity, and availability of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in HCL BigFix Service Management (SM) involves the use of a vulnerable WSGI server, which may expose the application to known security weaknesses and increase the risk of exploitation and unauthorized access.
Such unauthorized access and exploitation risks can potentially lead to breaches of sensitive data, which may impact compliance with common standards and regulations like GDPR and HIPAA that require protection of personal and health information.
However, the provided information does not explicitly detail the direct effects on compliance with these standards.