Security update: HCL BigFix Remote Control vulnerability patched

If attacks on HCL BigFix Remote Control succeed, unauthorized parties can read information that is supposed to be protected.


The endpoint management platform HCL BigFix is vulnerable: attackers can view data they are not authorized to see or, with considerable effort and precise timing measurements, even recover a private key. The vulnerabilities are specifically in HCL BigFix Remote Control. A patched version is available for download.

In an advisory, the developers state that they have closed the vulnerabilities in BigFix Remote Control 10.1 Fix Pack 3. Because an access restriction is not enforced correctly, attackers can reach servers through the BigFix Remote Control WebUI and view information and certain web pages (CVE-2025-31965, rated "high"). The developers have not yet explained in detail how such an attack would work.


If attackers successfully exploit the second vulnerability (CVE-2025-13176, rated "medium"), they may be able to recover a private key via a timing side channel in the ECDSA signature computation. According to the developers, the exploitable timing difference is only about 300 nanoseconds. Furthermore, the attack only applies to certain elliptic curves, such as NIST P-521. Exploiting it therefore takes comparatively large effort: a timing difference this small has to be measured reliably, which in practice means observing a large number of signing operations from a low-noise vantage point.

The advisory gives no indication that attackers are already exploiting the vulnerabilities. It also does not say how admins could recognize instances that have already been compromised.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.