CVE-2025-59872
Received - Intake
Unrestricted File Upload in HCL ZIE for Web

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: HCL Software

Description
HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows execution of arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: hcl
Product: zie_for_web
Version / Range: *
CWE ID: CWE-209
Description: The product generates an error message that includes sensitive information about its environment, users, or associated data.
Executive Summary

HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. This means that if the server is configured to execute code, an attacker may upload a malicious file known as a web shell into the Webroot directory. This web shell allows the attacker to execute arbitrary code or operating system commands on the server.

For the attack to succeed, two conditions must be met: the file must be uploaded inside the Webroot, and the server must be configured to execute the uploaded code.

Impact Analysis

This vulnerability can lead to unauthorized command execution on the affected server. An attacker who successfully exploits this flaw can run arbitrary code or operating system commands, potentially gaining control over the server.

Such control can lead to data breaches, service disruption, or further compromise of the network environment where the server resides.

Mitigation Strategies

To mitigate the Unrestricted File Upload vulnerability in HCL ZIE for Web, ensure that the server is not configured to execute uploaded files within the Webroot directory.

Restrict file upload permissions and validate uploaded files to prevent uploading of web shells or executable code.

Apply any patches or updates provided by HCL as referenced in their security bulletin.
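
One way to enforce the two conditions above on the storage side, as an added example (not HCL's code and not part of the original advisory): uploads are refused when the upload directory resolves inside the webroot, names are server-generated, and written files carry no execute bit. The extension sets, function names and directory layout are assumptions made for illustration.

```python
import os
import secrets
from pathlib import Path

# Assumptions for this example (not taken from HCL documentation):
ALLOWED_EXT = {".txt", ".csv", ".pdf"}  # hypothetical business allowlist
SCRIPT_EXT = {".jsp", ".jspx", ".php", ".asp", ".aspx", ".cgi"}  # commonly server-executed


def is_inside(path: Path, parent: Path) -> bool:
    """True if path resolves (symlinks followed) to parent or below it."""
    path, parent = path.resolve(), parent.resolve()
    return path == parent or parent in path.parents


def safe_destination(upload_dir: Path, webroot: Path, client_name: str) -> Path:
    """Return a server-chosen storage path, or raise ValueError."""
    if is_inside(upload_dir, webroot):
        raise ValueError("upload directory is inside the webroot")
    # Keep only the final component; the client-supplied path is never trusted.
    name = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes or suffixes[-1] not in ALLOWED_EXT:
        raise ValueError("extension not on the allowlist")
    if any(s in SCRIPT_EXT for s in suffixes):
        raise ValueError("script extension present in file name")
    # Random name: the uploader cannot predict or choose the stored path.
    return upload_dir.resolve() / (secrets.token_hex(16) + suffixes[-1])


def store(upload_dir: Path, webroot: Path, client_name: str, data: bytes) -> Path:
    """Validate, then write the upload without overwrite and without execute bits."""
    dest = safe_destination(upload_dir, webroot, client_name)
    # O_EXCL refuses to overwrite an existing file; mode 0o640 sets no execute bit.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def find_scripts(directory: Path) -> list[Path]:
    """List files under directory whose extension the server may execute."""
    return sorted(p for p in directory.rglob("*")
                  if p.is_file() and p.suffix.lower() in SCRIPT_EXT)
```

Running `find_scripts` over any directory the upload feature can write to, and comparing the result with the files the application shipped with, surfaces script files that arrived after deployment.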

Compliance Impact

The provided information does not specify how the Unrestricted File Upload vulnerability in HCL ZIE for Web (CVE-2025-59872) impacts compliance with common standards and regulations such as GDPR or HIPAA.
