CVE-2025-52613
Analyzed - Analysis Complete
WSGI Server Vulnerability in HCL BigFix Service Management

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: HCL Software

Description
HCL BigFix Service Management (SM) is affected by the use of a vulnerable WSGI server. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.
Meta Information
Published: 2026-05-06
Last Modified: 2026-05-07
Generated: 2026-06-16
AI Q&A: 2026-05-06
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
hcltech | bigfix_service_management | 23.0
CWE ID | Description
CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Executive Summary

HCL BigFix Service Management (SM) uses a WSGI server that is vulnerable because it is outdated or insecure. This means the application may have known security weaknesses that attackers could exploit.

Deploying such a vulnerable WSGI server increases the risk of unauthorized access and exploitation of the application.

Impact Analysis

The vulnerability can lead to unauthorized access to the HCL BigFix Service Management application.

It may allow attackers to exploit known security weaknesses, potentially compromising confidentiality, integrity, and availability of the system.

Compliance Impact

The vulnerability in HCL BigFix Service Management (SM) involves the use of a vulnerable WSGI server, which may expose the application to known security weaknesses and increase the risk of exploitation and unauthorized access.

Such unauthorized access and exploitation risks can potentially lead to breaches of sensitive data, which may impact compliance with common standards and regulations like GDPR and HIPAA that require protection of personal and health information.

However, the provided information does not explicitly detail the direct effects on compliance with these standards.
