Vulnerability in Hcl Icontrol

CVE-2025-52608

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-52608?
CVE-2025-52608 is a low-severity vulnerability in Hcl Icontrol, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 3.1/10. Published 2026-06-04.
How severe is CVE-2025-52608?
Low severity. CVSS v3 base score is 3.1 out of 10.