HCL iControl was affected by Missing Cookie Attributes vulnerability.

3.1 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

Basic Information

ID CVE-2025-52608

Source HCL

Published Jun 4, 2026 at 11:49

Affected Product

Vendor HCL

Product iControl

Version 4.0.0

Affected Versions HCL iControl 4.0.0

CWE Classification

CWE-614

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL  iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.",
    "published": "2026-06-04T11:49:16.313Z",
    "modified": "2026-06-04T11:49:16.313Z",
    "type": "cve",
    "title": "HCL  iControl was affected by Missing Cookie Attributes vulnerability.",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131061",
    "id": "CVE-2025-52608",
    "bulletinFamily": "",
    "cwe": [
        "CWE-614"
    ],
    "cvelist": null,
    "sourceData": "HCL iControl 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 3.1,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iControl",
    "version": "4.0.0",
    "vendor": "HCL",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL iControl was affected by Missing Cookie Attributes vulnerability._CVE-2025-52608