CVE & CISA-KEV Catalog

CVE-2025-15633

MEDIUM
6.5
CVSS v3
NVD

Description

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.

How to fix

Remediation Available
bigfix webui apiNVD
Affected:< 33Fixed in:33CVE-2025-15633derived from NVD
bigfix webui application administrationNVD
Affected:< 40Fixed in:40CVE-2025-15633derived from NVD
bigfix webui cmepNVD
Affected:< 22Fixed in:22CVE-2025-15633derived from NVD
bigfix webui commonNVD
Affected:< 101Fixed in:101CVE-2025-15633derived from NVD
bigfix webui content appNVD
Affected:< 28Fixed in:28CVE-2025-15633derived from NVD
bigfix webui customNVD
Affected:< 50Fixed in:50CVE-2025-15633derived from NVD
bigfix webui data syncNVD
Affected:< 37Fixed in:37CVE-2025-15633derived from NVD
bigfix webui extensionsNVD
Affected:< 14Fixed in:14CVE-2025-15633derived from NVD
bigfix webui frameworkNVD
Affected:< 35Fixed in:35CVE-2025-15633derived from NVD
bigfix webui insightsNVD
Affected:< 32Fixed in:32CVE-2025-15633derived from NVD
bigfix webui ivrNVD
Affected:< 23Fixed in:23CVE-2025-15633derived from NVD
bigfix webui mdmNVD
Affected:< 29Fixed in:29CVE-2025-15633derived from NVD
bigfix webui patchNVD
Affected:< 54Fixed in:54CVE-2025-15633derived from NVD
bigfix webui patch policiesNVD
Affected:< 51Fixed in:51CVE-2025-15633derived from NVD
bigfix webui permissions and preferencesNVD
Affected:< 27Fixed in:27CVE-2025-15633derived from NVD
bigfix webui profile managementNVD
Affected:< 33Fixed in:33CVE-2025-15633derived from NVD
bigfix webui queryNVD
Affected:< 45Fixed in:45CVE-2025-15633derived from NVD
bigfix webui reportsNVD
Affected:< 24Fixed in:24CVE-2025-15633derived from NVD
bigfix webui scmNVD
Affected:< 20Fixed in:20CVE-2025-15633derived from NVD
bigfix webui software distributionNVD
Affected:< 54Fixed in:54CVE-2025-15633derived from NVD
bigfix webui take actionNVD
Affected:< 37Fixed in:37CVE-2025-15633derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.22%probability of exploitation in 30 days
13thpercentile

Low risk: more likely to be exploited than 13% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-863 (Incorrect Authorization) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-22518Critical9.8100%KEV + RansomFix
CVE-2023-38035Critical9.8100%KEV + Ransom-
CVE-2022-46169Critical9.8100%KEVFix
CVE-2025-29927Critical9.1100%-Fix
CVE-2024-38856Critical9.899%KEVFix
CVE-2020-36289Medium5.399%-Fix
Embed a live status badge for CVE-2025-15633
CVE-2025-15633 severity badge

Markdown

[![CVE-2025-15633](https://tridentstack.com/cve/badge/CVE-2025-15633.svg)](https://tridentstack.com/cve/CVE-2025-15633)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-15633"><img src="https://tridentstack.com/cve/badge/CVE-2025-15633.svg" alt="CVE-2025-15633"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-14.