PatchSiren

HCL Software CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM HCL Software CVE published 2026-05-09

CVE-2025-15634

CVE-2025-15634 describes a missing authorization flaw in HCL BigFix WebUI. An authenticated user without the proper permissions may be able to reach an unauthorized page directly by URL and view sensitive environmental information. The issue is rated medium severity and maps to CWE-862 (missing authorization).