CVE-2025-52622 MEDIUM

CVE-2025-52622: HCL BigFix SaaS Remediate is affected by a security vulnerability

Vendor Hcl Software
Product BigFix SaaS Remediate
Weakness CWE-1188
Published December 2, 2025
Last update December 8, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 8, 2025 Record updated