Missing Cookie Attributes in HCL iControl
CVE-2025-52608
3.1 LOW
What is CVE-2025-52608?
The HCL iControl application is affected by a Missing Cookie Attributes vulnerability that leaves its cookie handling inadequately protected. Critical attributes such as 'Secure' and 'SameSite' are not specified, potentially enabling session hijacking and cross-site request forgery (CSRF) attacks. The cookie's path is also set to root, which further broadens the attack surface. It is essential for users to implement recommended security practices to mitigate potential threats.
Affected Version(s)
iControl 4.0.0