CVE-2025-52621 MEDIUM

CVE-2025-52621: HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning

Vendor: HCL Software
Product: BigFix SaaS Remediate
Weakness: CWE-346 · Origin validation
Published: August 15, 2025
Last update: August 18, 2025

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.

Key dates

02 Disclosure timeline

August 15, 2025: CVE published
August 18, 2025: Record updated