CVE-2025-59873
Session Token Exposure via URL Query Parameters
CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
0th
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the application can hijack user sessions This issue affects ZIE for Web: v16.
| Vendor | hcl software |
| Product | zie for web |
| Published | Feb 23, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for hcl software zie for web
Be the first to know when new medium vulnerabilities affecting hcl software zie for web are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
HCL Software / ZIE for Web
v16