Insufficient Session Expiration in HCL iAutomate Affecting Unauthorized Access
CVE-2025-31952

7.1 HIGH

Key Information:

Status
Vendor
CVE Published: 24 July 2025

What is CVE-2025-31952?

HCL iAutomate is affected by an insufficient session expiration vulnerability: session tokens remain valid indefinitely unless they are manually revoked. This significantly raises the risk of unauthorized access, because an attacker who obtains an active session token could use it to reach sensitive data and functionality. Organizations using HCL iAutomate should address this weakness promptly and make sure session management enforces expiration.

Affected Version(s)

iAutomate 6.5.1

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
