Skip to main content

Vulnerability CVE-2025-59873

MEDIUM
Use of GET Request Method With Sensitive Query Strings (CWE-598)
2026-02-23 psirt@hcl.com
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 23, 2026 - 11:16 nvd
MEDIUM 5.9

DescriptionCVE.org

An information exposure vulnerability exists in

Vulnerability in HCL Software ZIE for Web.

The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the application can hijack user sessions

This issue affects ZIE for Web: v16.

AnalysisAI

An information exposure vulnerability exists in

Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . [CVSS 5.9 MEDIUM]

Technical ContextAI

An information exposure vulnerability exists in

Vulnerability in HCL Software ZIE for Web.

The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the application can hijack user sessions

This issue affects ZIE for Web: v16.

Affected ProductsAI

Component: URL query.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2025-59873 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy