CVE-2025-59873
Published: February 23, 2026· Updated: Feb 26, 2026
Official Description
An information exposure vulnerability exists in
Vulnerability in HCL Software ZIE for Web.
The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the application can hijack user sessions
This issue affects ZIE for Web: v16.
Technical Analysis
CVE-2025-59873 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation does not require any privileges, though user interaction (Required) is needed, which slightly reduces the risk of mass automated attacks.
A successful exploit results in complete confidentiality breach (data exposure), with a CVSS base score of 5.9.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (1)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2025-59873 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts