CVE-2025-52655

LOW

HCL MyXalytics <6.6 - Code Injection

Title source: llm

Description

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.

References (1)

[Various Sources] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411

Scores

CVSS v3 3.1

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-829

Status published

Products (1)

HCL/HCL MyXalytics 6.6

Published Oct 10, 2025

Tracked Since Feb 18, 2026