← back
CVE-2025-0276

HCL BigFix Modern Client Management (MCM) is affected by an insecure Content Security Policy (CSP)

CVSS 6.5 MEDIUMEPSS 0.3%CWE-693CWE-79CWE-80
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected products
HCL Software · BigFix Modern Client Management

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124513