Improper Invalidation of Access Token in HCL IEM
CVE-2025-0249

3.3LOW

Key Information:

Vendor: HCL Software Software
Status: Iem
Vendor: CVE Published:; 25 July 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-0249?

HCL IEM is susceptible to a vulnerability that arises from the improper invalidation of access tokens, specifically JSON Web Tokens (JWTs). This flaw can be exploited by attackers to gain unauthorized access to sensitive data, as tokens may remain valid even after they should be revoked. Organizations using HCL IEM should review their token management strategies to mitigate this risk.

Affected Version(s)

IEM 1.2

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Jan 6, 2025