CVE-2025-59849

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltechsw:hcl_devops_deploy::::::::
	cpe:2.3:a:hcltechsw:hcl_devops_deploy::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::

History

06 Jan 2026, 19:54

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hcltechsw:hcl_devops_deploy:::::::: cpe:2.3:a:hcltechsw:hcl_launch::::::::
First Time		Hcltechsw hcl Devops Deploy Hcltechsw Hcltechsw hcl Launch
References	~~() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332 -~~	() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332 - Vendor Advisory

17 Dec 2025, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-17 21:16

Updated : 2026-01-06 19:54

NVD link : CVE-2025-59849

Mitre link : CVE-2025-59849

CVE.ORG link : CVE-2025-59849

JSON object : View

Products Affected

hcltechsw

hcl_devops_deploy
hcl_launch

CWE

CWE-693

Protection Mechanism Failure

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

{"id": "CVE-2025-59849", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-12-17T21:16:14.873", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-693"}, {"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages."}], "lastModified": "2026-01-06T19:54:47.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "830962ED-955D-4083-8801-BB719BD01DDC", "versionEndExcluding": "8.0.1.11", "versionStartIncluding": "8.0.0.0"}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDB41F3C-0562-47CC-856D-FD03AC2AB0D7", "versionEndExcluding": "8.1.2.4", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4FD53DE-8743-4FE3-88D5-DA1E291DA397", "versionEndExcluding": "7.3.2.16", "versionStartIncluding": "7.3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}