CVE-2025-52647

Description

The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.

PUBLISHED Reserved 2025-06-18 | Published 2025-10-10 | Updated 2025-10-10 | Assigner HCL

Problem types

CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

Product status

References

support.hcl-software.com/...rticle&sysparm_article=KB0124562

cve.org (CVE-2025-52647)

nvd.nist.gov (CVE-2025-52647)

Download JSON