CVE Daily

CVE-2025-52621

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.  The B...

Medium CVSS 5.3

Overview

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.  The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.

CWE: CWE-346 Published: 2025-08-15T23:15:26.670
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.3 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags