CVE-2025-59849
MEDIUMDescription
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.
Is your site exposed to CVE-2025-59849?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| hcltechsw | hcl_devops_deploy |
| hcltechsw | hcl_devops_deploy |
| hcltechsw | hcl_launch |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-59849? +
How severe is CVE-2025-59849? +
What products are affected by CVE-2025-59849? +
How do I check if I'm vulnerable to CVE-2025-59849? +
Related Vulnerabilities
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user …
Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed …
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current …
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security …
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to …
Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not …