What is CVE-2025-52612?

CVE-2025-52612 is a high-severity vulnerability in Hcl Icontrol, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 7.1/10. Published 2026-06-04.

How severe is CVE-2025-52612?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Hcl Icontrol

CVE-2025-52612

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. .

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Hcl Icontrol — versions 4.0.0
Hcltech Icontrol — versions 4.0.0

Weakness classification (CWE)

CWE-1236 — Improper Neutralization of Formula Elements in a CSV File

References

psirt@hcl.com (Vendor Advisory)

Frequently asked questions

What is CVE-2025-52612?: CVE-2025-52612 is a high-severity vulnerability in Hcl Icontrol, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 7.1/10. Published 2026-06-04.
How severe is CVE-2025-52612?: High severity. CVSS v3 base score is 7.1 out of 10.