CVE-2025-52602 is a vulnerability identified in HCL Software's BigFix Query product, specifically affecting versions prior to 4.11.0. The flaw resides in the WebUI Query application where an HTTP GET endpoint improperly discloses sensitive information, including group names and active user names or IDs. This exposure occurs without requiring user interaction but does require low-level privileges, which means an attacker with limited access could retrieve this data. The vulnerability is classified under CWE-359, indicating exposure of private personal information to unauthorized actors. The disclosed information can be exploited by attackers to craft targeted phishing campaigns or social engineering attacks, increasing the risk of further compromise. The CVSS v3.1 base score is 4.2, indicating a medium severity level, with the vector showing network attack vector, high attack complexity, low privileges required, no user interaction, unchanged scope, and low impact on confidentiality and integrity, with no impact on availability. No public exploits have been reported yet, but the vulnerability's presence in a widely used endpoint makes it a concern for organizations relying on BigFix Query for endpoint management and security operations. The lack of a patch link suggests that remediation may require upgrading to version 4.11.0 or later once available or applying vendor guidance when released.

For European organizations, this vulnerability primarily threatens the confidentiality and integrity of user-related information within the BigFix Query environment. Disclosure of group names and active user identifiers can facilitate targeted phishing and social engineering attacks, potentially leading to credential theft, unauthorized access, or lateral movement within networks. Sectors such as finance, government, healthcare, and critical infrastructure, which often use BigFix for endpoint management, could face increased risk of sophisticated attacks leveraging this information. Although the vulnerability does not directly impact system availability, the indirect consequences of successful phishing or social engineering could lead to significant operational disruptions, data breaches, and regulatory non-compliance under GDPR. The medium severity rating reflects moderate risk, but the ease of exploitation over the network and the potential for escalated attacks make timely mitigation important.

European organizations should take the following specific actions: 1) Upgrade HCL BigFix Query to version 4.11.0 or later as soon as it becomes available to ensure the vulnerability is patched. 2) Restrict access to the WebUI Query application by implementing network segmentation and firewall rules limiting access to trusted administrators only. 3) Enforce strong authentication and authorization controls to minimize the risk of low-privilege accounts being exploited to access the vulnerable endpoint. 4) Monitor logs and network traffic for unusual GET requests to the affected endpoint that could indicate reconnaissance or exploitation attempts. 5) Conduct user awareness training focused on recognizing phishing and social engineering tactics that could leverage exposed information. 6) Coordinate with HCL support for any interim mitigations or configuration changes that can reduce information exposure until patches are applied. 7) Review and audit user and group information exposure across other management tools to prevent similar data leaks.