PT-2025-45111 · Hcl · Bigfix Query

Published: 2025-11-05 · Updated: 2025-11-05 · CVE-2025-52602

CVSS v3.1: 4.2 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

HCL BigFix Query (affected versions not specified)

Description

HCL BigFix Query’s WebUI Query application is susceptible to sensitive information disclosure. An HTTP GET request to an endpoint can reveal discoverable responses, potentially exposing group names and active user names or IDs. This information could be leveraged by attackers to target individuals with phishing or other social-engineering attacks. The /api/v1/query API endpoint is involved in this issue. The user id and group name variables are potentially exposed through this vulnerability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-52602

Affected Products

Bigfix Query