CVE-2025-52608

LOW

HCL iControl was affected by Missing Cookie Attributes vulnerability.

Title source: cna

Description

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

References (1)

Core 1

Core References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131061

Scores

CVSS v3 3.1

EPSS 0.0010

EPSS Percentile 1.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-614

Status published

Products (2)

HCL/iControl 4.0.0

hcltech/icontrol 4.0.0

Published Jun 04, 2026

Tracked Since Jun 04, 2026