Missing Cookie Attributes in HCL iControl
CVE-2025-52608

3.1 LOW

Key Information:

Status
Vendor
CVE Published: 4 June 2026

What is CVE-2025-52608?

The HCL iControl application is affected by a Missing Cookie Attributes vulnerability: its cookies are issued without adequate protections. Critical attributes such as 'Secure' and 'SameSite' are not specified, potentially enabling session hijacking and cross-site request forgery (CSRF) attacks. Moreover, the cookie's path is set to root, further broadening the attack surface. It is essential for users to implement recommended security practices to mitigate potential threats.

Affected Version(s)

iControl 4.0.0

References

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
