CVE-2025-59873 MEDIUM

CVE-2025-59873: Session Token Exposure via URL Query Parameters

Vendor Hcl Software
Product ZIE for Web
Published February 23, 2026
Last update February 26, 2026

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the application can hijack user sessions This issue affects ZIE for Web: v16.

Key dates

02Disclosure timeline

February 23, 2026 CVE published
February 26, 2026 Record updated