HCL BigFix: Attackers can access data in the file system

The HCL BigFix endpoint management platform is vulnerable. Security updates are available.


Attackers can exploit a total of seven vulnerabilities in HCL BigFix, potentially compromising computers in the worst-case scenario.

As indicated in an advisory, the vulnerabilities are in the components Axios, jsPDF, and React Router, which the endpoint management platform uses. Most of the vulnerabilities, including the most dangerous ones, are in jsPDF.

These allow attackers to access data in the file system (CVE-2025-68428, "critical") or to embed malicious code in PDFs that executes when the file is opened (CVE-2026-24737, "high"). So far, there are no reports of attackers exploiting the vulnerabilities.


The developers assure that HCL BigFix has been repaired in version 1.0.2 update 2.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.