CVE-2025-59849
CVSS base score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD
Description
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.
Affected (3)
Products: Hcltechsw: HCL DevOps Deploy, HCL Launch
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | From 8.0.0.0 to 8.0.1.11 |
| | From 7.3.0.0 to 7.3.2.16 |
Related CWEs
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
CWE-693
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
References (1)
Source: psirt@hcl.com
Vendor Advisory