CVE-2025-52602: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor in HCL Software BigFix Query
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks.
AI Analysis
Technical Summary
CVE-2025-52602 is a CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor) weakness in HCL Software's BigFix Query, affecting versions prior to 4.11.0. The flaw is in the WebUI Query application: an HTTP GET endpoint returns responses that disclose group names and active user names or IDs. Exploitation needs no user interaction, but it does require low-level privileges on the application and network access to the endpoint, so the realistic attacker is an authenticated low-privilege user or someone who has already obtained such an account. The disclosed identifiers give an attacker a ready-made target list and naming scheme for phishing and other social-engineering campaigns, raising the likelihood of subsequent credential compromise or unauthorized access. The CVSS v3.1 base score is 4.2 (medium), reflecting limited confidentiality impact and high attack complexity. The record as tracked here carries no patch link and no report of in-the-wild exploitation, consistent with a recent disclosure; the affected range nonetheless identifies 4.11.0 as the first fixed version. System integrity and availability are not directly affected, but the leaked identity data can be weaponized in a multi-stage attack. Organizations running BigFix Query should confirm their installed version, restrict who can reach the WebUI Query interface, and watch for user-enumeration or reconnaissance patterns against it.
Potential Impact
For European organizations, exposure of group names and active user identities increases the success rate of phishing and social-engineering attacks, which remain common initial-access vectors for broader intrusions. This matters most in sectors with high-value targets such as finance, government, healthcare, and critical infrastructure, where a single successful lure can lead to credential theft, lateral movement, and data breaches. The vulnerability does not directly compromise system integrity or availability; it undermines confidentiality, and the lost confidentiality is of exactly the kind that facilitates more damaging follow-on attacks. Because BigFix Query is used for endpoint management and security operations, the accounts it exposes are likely to be administrators or other privileged users, which makes them attractive targets. The medium CVSS score suggests moderate urgency; the potential for indirect compromise through social engineering elevates the threat in environments with sensitive data or critical operations.
Mitigation Recommendations
1. Upgrade HCL BigFix Query to version 4.11.0 or later, where this vulnerability is addressed.
2. Restrict network access to the WebUI Query application endpoints using network segmentation, firewalls, or VPNs so that only trusted administrators can reach them.
3. Enforce least privilege for WebUI Query accounts: because the disclosure is reachable with low-level privileges, authentication alone does not close it, so remove or downgrade accounts that do not need the Query application.
4. Monitor web-server and application logs for unusual or repeated HTTP GET requests to the Query endpoints from a single account or source address; bursts of paged or sequential requests are a typical enumeration pattern.
5. Conduct user awareness training focused on phishing and social engineering, noting that attackers may address staff by their real account names and group memberships.
6. Require multi-factor authentication (MFA) for all administrative access to reduce the impact of a credential compromise that begins with a phishing lure.
7. Regularly audit which user and group attributes are returned by the interfaces you expose, and minimize them.
8. Coordinate with HCL support for interim patches or workarounds if an immediate upgrade is not feasible.
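The two checks above that can be automated are the version audit (item 1) and the log review for enumeration bursts (item 4). The following Python is an added example written for this page; it is not HCL code, and the advisory does not name the vulnerable endpoint, so the path prefix `/query/`, the log format (Apache/nginx combined format with the authenticated user in the third field), and every log line are constructed assumptions for illustration.

```python
"""Added example for CVE-2025-52602: version audit and reconnaissance detection.

Not HCL code. The endpoint path prefix and the log lines below are constructed
assumptions; adjust them to the real WebUI Query path and your log format.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# From the advisory: releases prior to 4.11.0 are affected.
FIXED_VERSION = (4, 11, 0)

# Hypothetical path prefix; the advisory does not disclose the real endpoint.
QUERY_PATH_PREFIX = "/query/"


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn '4.10.3', 'v4.11', '4.11.0-build7' into a comparable 3-tuple."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    nums = [int(p) for p in parts[:3]]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool:
    """True when the installed BigFix Query release is older than the fix."""
    return parse_version(version) < FIXED_VERSION


# Combined-log-format line with the authenticated user in the third field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str) -> dict | None:
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_enumeration(lines, threshold: int = 5,
                       window: timedelta = timedelta(minutes=5)) -> list[tuple[str, str]]:
    """Flag (ip, user) pairs that issued >= threshold successful GETs to the
    Query endpoint within any sliding window of `window` length.

    Only 200 responses count: a 401/403 means the caller did not obtain data.
    """
    hits: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if (rec is None or rec["method"] != "GET"
                or not rec["path"].startswith(QUERY_PATH_PREFIX)
                or rec["status"] != "200"):
            continue
        hits[(rec["ip"], rec["user"])].append(rec["ts"])

    alerts = []
    for key, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(key)
                break
    return sorted(alerts)


# Constructed sample log: one client paging through a user listing quickly,
# one admin with sparse legitimate use, and one unauthenticated 403.
SAMPLE_LOG = """\
10.0.0.5 - jdoe [05/Nov/2025:14:00:01 +0000] "GET /query/api/groups HTTP/1.1" 200 512
10.0.0.5 - jdoe [05/Nov/2025:14:00:09 +0000] "GET /query/api/users?page=1 HTTP/1.1" 200 2048
10.0.0.5 - jdoe [05/Nov/2025:14:00:17 +0000] "GET /query/api/users?page=2 HTTP/1.1" 200 2048
10.0.0.5 - jdoe [05/Nov/2025:14:00:25 +0000] "GET /query/api/users?page=3 HTTP/1.1" 200 2048
10.0.0.5 - jdoe [05/Nov/2025:14:00:33 +0000] "GET /query/api/users?page=4 HTTP/1.1" 200 2048
10.0.0.5 - jdoe [05/Nov/2025:14:00:41 +0000] "GET /query/api/users?page=5 HTTP/1.1" 200 2048
10.0.0.9 - asmith [05/Nov/2025:14:01:00 +0000] "GET /query/api/groups HTTP/1.1" 200 512
10.0.0.9 - asmith [05/Nov/2025:14:30:00 +0000] "GET /query/api/groups HTTP/1.1" 200 512
10.0.0.9 - asmith [05/Nov/2025:15:02:00 +0000] "POST /query/api/run HTTP/1.1" 200 128
10.0.0.23 - - [05/Nov/2025:14:05:00 +0000] "GET /query/api/users HTTP/1.1" 403 0
"""

if __name__ == "__main__":
    for v in ("4.10.3", "4.11.0", "4.12"):
        print(f"BigFix Query {v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for ip, user in detect_enumeration(SAMPLE_LOG.splitlines()):
        print(f"possible enumeration: user={user} from {ip}")
```

The sliding window is deliberately keyed on the authenticated user as well as the source address, since the disclosure requires a low-privilege login and the account is what you will want to review or disable. Tune `threshold` and `window` against a baseline of normal Query usage before alerting on it.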
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: HCL
- Date Reserved: 2025-06-18T14:00:38.417Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690b6825eb4434bb4f92e00e
Added to database: 11/5/2025, 3:07:17 PM
Last enriched: 11/5/2025, 3:23:50 PM
Last updated: 11/5/2025, 5:46:20 PM