References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

{"timestamp":"2026-06-17T15:03:29.705142Z","id":"CVE-2025-59872","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131549

[{"vendor":"HCL Software","product":"ZIE","defaultStatus":"unaffected","versions":[{"version":"16.0","status":"affected"}]}]