CVE-2025-52608

ℹ️ low

Summary

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

CVSS Score

3.1

Low

EPSS Score

0.0

Exploit Probability

Published Date

2026-06-04

First Seen: 2026-06-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 2.1% of all 330,193 vulnerabilities in our database.

#323,318

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Jun 4, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-06-04

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE IDs (Weakness Types)

CWE-614

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
hcltech	icontrol	Affected	v4.0.0

🔗 References 1

https://support.hcl-software.com/csm?id=kb_article&s...

Vendor Advisory

🔗 Related CVEs 5

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-62340	ℹ️ low	3.1	0.2	HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where ...	2026-06-17
CVE-2025-52606	🔶 medium	4.3	0.0	HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an ar...	2026-06-04
CVE-2025-52609	ℹ️ low	3.7	0.1	HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by...	2026-06-04
CVE-2025-52611	ℹ️ low	3.1	0.0	HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to ...	2026-06-04
CVE-2025-52612	⚠️ high	7.1	0.0	HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site script...	2026-06-04

These CVEs affect the same products