CVE-2025-0275

5.3 MEDIUM

📋 TL;DR

HCL BigFix Mobile versions 3.3 and earlier have an improper access control vulnerability that allows unauthorized users to access a limited set of endpoint actions. This could potentially expose select internal functions to attackers. Organizations using affected versions of HCL BigFix Mobile are at risk.

💻 Affected Systems

Products:
  • HCL BigFix Mobile
Versions: 3.3 and earlier
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable by default.

📦 What is this software?

HCL BigFix Mobile is the mobile device management component of HCL's BigFix endpoint management platform, used to enroll and manage mobile devices (iOS and Android) alongside traditional endpoints from the same console.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthorized users gain access to sensitive internal functions, potentially leading to data exposure, configuration changes, or lateral movement within the mobile device management system.

🟠

Likely Case

Limited unauthorized access to non-critical functions, potentially exposing some internal system information or allowing minor configuration changes.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to isolated functions with minimal data exposure.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires some knowledge of the system's API endpoints and functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.4 or later

Vendor Advisory: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124512

Restart Required: No

Instructions:

1. Download HCL BigFix Mobile version 3.4 or later from the HCL support portal.
2. Follow the standard upgrade procedure for your deployment.
3. Verify that the upgrade completed successfully and that the installed version now reports 3.4 or later.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to BigFix Mobile servers to only authorized users and systems.

Access Control Review (all platforms)

Review and tighten existing access controls and user permissions.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BigFix Mobile servers
  • Enhance monitoring and logging of access to BigFix Mobile endpoints

🔍 How to Verify

Check if Vulnerable:

Compare the installed BigFix Mobile version, as shown in the administration console or recorded in the deployment's configuration files, against the fix threshold: any version below 3.4 (3.3 and earlier) is affected.

Check Version:

Read the version from the administration console, or refer to the deployment documentation for where your installation records it.

Verify Fix Applied:

Confirm the version reports 3.4 or later, then re-test the previously reachable endpoints without credentials (and with a low-privilege account) and confirm they now return an authorization failure rather than the requested data.
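The version check above comes down to comparing the reported version against the fix threshold, which is easy to get wrong with plain string comparison ("3.10" sorts before "3.4" lexically). The following is an added example, not code from the original page or from HCL: it parses a dotted version string (the exact console field or configuration file that yields it is deployment-specific and assumed here), flags anything below 3.4, and triages a constructed inventory whose hostnames and versions are made up.

```python
import re

# Fix threshold from the advisory: 3.4 or later is patched, anything below is affected.
FIXED_VERSION = "3.4"


def parse_version(text):
    """Convert '3.3', '3.3.0.12' or 'v3.10' into a tuple of ints.

    Tuples compare element-wise, so (3, 10) > (3, 4); a naive string
    comparison would wrongly rank '3.10' as older than '3.4'.
    """
    match = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version):
    """True when the reported version is older than the fixed version.

    Tuple prefix semantics mean (3, 4) < (3, 4, 0), so '3.4.0' is treated
    as patched while '3.3.99' is still affected.
    """
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(inventory):
    """Split a {hostname: version} mapping into (affected, patched) host lists."""
    affected, patched = [], []
    for host, version in sorted(inventory.items()):
        (affected if is_vulnerable(version) else patched).append(host)
    return affected, patched


# Constructed inventory for illustration only; hostnames and versions are assumptions.
SAMPLE_INVENTORY = {
    "bfm-prod-01": "3.3",
    "bfm-prod-02": "3.3.0.12",
    "bfm-dr-01": "3.4",
    "bfm-lab-01": "v3.10",
    "bfm-lab-02": "3.2.1",
}

if __name__ == "__main__":
    affected, patched = triage(SAMPLE_INVENTORY)
    print("affected:", affected)
    print("patched: ", patched)
```

Feed it the version strings your console or configuration management reports; a parse failure raises rather than silently classifying a host as patched.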

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to BigFix Mobile endpoints
  • Unusual API calls from unexpected sources

Network Indicators:

  • Unusual traffic patterns to BigFix Mobile servers
  • Access from unauthorized IP addresses

SIEM Query:

source="bigfix-mobile" AND (event_type="access_denied" OR user="unknown")

The source and field names above are illustrative; map them to the schema your BigFix Mobile logs actually use. Denied events reveal probing, but because this flaw is missing access control, a successful request with no authenticated principal is the stronger signal of exploitation, so also alert on 2xx responses where the user field is empty or unknown.
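The indicators above can be checked offline against exported access logs. The following is an added example, not code from the original page or from HCL: it runs over a constructed JSON-lines log (the field names, paths and management networks are assumptions, not the real BigFix Mobile log schema) and ranks three signals: an unauthenticated request that the server answered with 2xx (what exploitation of a missing access check actually looks like), traffic from outside the management networks, and a source accumulating denied responses, which is typical of endpoint enumeration.

```python
import ipaddress
import json
from collections import Counter

# Assumed: networks from which administrators legitimately reach the server.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "192.168.50.0/24")]
# Assumed: principal values the server records for requests with no valid session.
UNAUTH_USERS = {None, "", "unknown", "anonymous"}

# Constructed JSON-lines access log for illustration; field names and paths are
# assumptions, not the real BigFix Mobile log format. RFC 5737 addresses are used.
SAMPLE_LOG = """
{"ts":"2025-01-08T10:00:01Z","src_ip":"10.10.4.21","user":"mdm-admin","method":"GET","path":"/api/v1/devices","status":200}
{"ts":"2025-01-08T10:00:05Z","src_ip":"203.0.113.7","user":"unknown","method":"GET","path":"/api/v1/devices","status":403}
{"ts":"2025-01-08T10:00:06Z","src_ip":"203.0.113.7","user":"unknown","method":"GET","path":"/api/v1/internal/status","status":200}
{"ts":"2025-01-08T10:00:09Z","src_ip":"10.10.4.21","user":"mdm-admin","method":"POST","path":"/api/v1/policies","status":201}
{"ts":"2025-01-08T10:00:12Z","src_ip":"198.51.100.9","user":"unknown","method":"GET","path":"/api/v1/internal/config","status":403}
{"ts":"2025-01-08T10:00:13Z","src_ip":"198.51.100.9","user":"unknown","method":"GET","path":"/api/v1/internal/export","status":403}
{"ts":"2025-01-08T10:00:14Z","src_ip":"198.51.100.9","user":"unknown","method":"GET","path":"/api/v1/internal/users","status":403}
""".strip()


def parse_log(text):
    """Parse JSON-lines into event dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one bad line must not abort the whole sweep
    return events


def is_allowed_source(ip_text):
    """True when the address falls inside one of the management networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable sources are treated as untrusted
    return any(ip in net for net in ALLOWED_NETS)


def analyse(events, denied_threshold=3):
    """Return (severity, src_ip, reason, path) findings.

    high:   no authenticated principal, yet the server answered 2xx. With a
            missing access check this, not an access-denied event, is the
            footprint of exploitation.
    medium: any traffic from outside the management networks (one per source).
    low:    a source with denied_threshold or more 401/403 responses, typical
            of enumerating endpoints until an unprotected one is found.
    """
    findings = []
    denied = Counter()
    foreign_sources = set()
    for ev in events:
        src = ev.get("src_ip", "")
        status = int(ev.get("status", 0))
        path = ev.get("path", "")
        if ev.get("user") in UNAUTH_USERS and 200 <= status < 300:
            findings.append(("high", src, "unauthenticated request succeeded", path))
        if not is_allowed_source(src):
            foreign_sources.add(src)
        if status in (401, 403):
            denied[src] += 1
    for src in sorted(foreign_sources):
        findings.append(("medium", src, "traffic from outside management networks", "*"))
    for src, n in sorted(denied.items()):
        if n >= denied_threshold:
            findings.append(("low", src, f"{n} denied requests (possible enumeration)", "*"))
    return findings


if __name__ == "__main__":
    for finding in analyse(parse_log(SAMPLE_LOG)):
        print(*finding, sep="  ")
```

On the constructed log this yields one high finding (203.0.113.7 reaching /api/v1/internal/status with no principal), two medium findings for the two off-network sources, and one low finding for the source that collected three denials. The high rule is the one worth tuning first, because it is the only one that fires on a successful attack rather than on noise around it.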

🔗 References

  • HCL advisory: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124512
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-0275