CVE-2025-62345
Input Validation Flaw in HCL BigFix RunBookAI
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | bigfix_runbookai | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can impact you by increasing the risk of misconfiguration and operational errors in HCL BigFix RunBookAI. Because the input handling is less secure, it may allow attackers or users to cause unintended behavior or errors, potentially affecting the reliability and security of the system.
The CVSS base score of 2.7 indicates a low severity impact, with limited confidentiality impact and no integrity or availability impact.
Can you explain this vulnerability to me?
The vulnerability in HCL BigFix RunBookAI is related to a security weakness in the input handling implementation of a component. Specifically, it is described as a Continued availability of Less-Secure βInput Textβ Vulnerability, which means that the way input text is processed is less secure than it should be.
This weakness increases the risk of misconfiguration and operational errors within the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in HCL BigFix RunBookAI involves a less-secure input text handling weakness that increases the risk of misconfiguration and operational errors.
While the CVE description indicates a security weakness, there is no specific information provided about its direct impact on compliance with common standards and regulations such as GDPR or HIPAA.