Missing Security Headers in HCL iControl Leading to XSS Vulnerabilities
CVE-2025-52609

3.7LOW

Key Information:

Status
Vendor
CVE Published:
4 June 2026

What is CVE-2025-52609?

HCL iControl is exposed to a Missing Security Headers vulnerability that could enable cross-site scripting (XSS) attacks. This flaw arises from insufficient security headers, which can lead to the exploitation of XSS vulnerabilities when modern web browsers' built-in filtering mechanisms are bypassed. Attackers may exploit this weakness to inject malicious scripts, potentially compromising user data and security.

Affected Version(s)

iControl 4.0.0

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.