CVE-2025-62345
Received Received - Intake
Input Validation Flaw in HCL BigFix RunBookAI

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: HCL Software

Description
HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure β€œInput Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2025-62345
EUVD
EUVD-2025-209670
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcl bigfix_runbookai *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can impact you by increasing the risk of misconfiguration and operational errors in HCL BigFix RunBookAI. Because the input handling is less secure, it may allow attackers or users to cause unintended behavior or errors, potentially affecting the reliability and security of the system.

The CVSS base score of 2.7 indicates a low severity impact, with limited confidentiality impact and no integrity or availability impact.

Executive Summary

The vulnerability in HCL BigFix RunBookAI is related to a security weakness in the input handling implementation of a component. Specifically, it is described as a Continued availability of Less-Secure β€œInput Text” Vulnerability, which means that the way input text is processed is less secure than it should be.

This weakness increases the risk of misconfiguration and operational errors within the system.

Compliance Impact

The vulnerability in HCL BigFix RunBookAI involves a less-secure input text handling weakness that increases the risk of misconfiguration and operational errors.

While the CVE description indicates a security weakness, there is no specific information provided about its direct impact on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62345. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart