Missing Security Headers in HCL iControl Leading to XSS Vulnerabilities
CVE-2025-52609
3.7 LOW
What is CVE-2025-52609?
HCL iControl is exposed to a Missing Security Headers vulnerability that could enable cross-site scripting (XSS) attacks. This flaw arises from insufficient security headers, which can lead to the exploitation of XSS vulnerabilities when modern web browsers' built-in filtering mechanisms are bypassed. Attackers may exploit this weakness to inject malicious scripts, potentially compromising user data and security.
Affected Version(s)
iControl 4.0.0
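
One way to check a response for the kind of gap described above, as an added example that is not part of the advisory or of HCL's code. The advisory does not name the missing headers, so the choice of Content-Security-Policy and X-Content-Type-Options, the finding names, and the sample responses are assumptions constructed for illustration.

```python
# Added example: audit response headers for XSS-relevant gaps.
# Header choice and finding names are assumptions; the advisory names none.
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_headers(raw):
    """Return {lowercased header name: [values]} from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def csp_directives(policy):
    """Map directive name -> source tokens; the first duplicate wins."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return out

def blocks_inline_script(policy):
    d = csp_directives(policy)
    src = d.get("script-src", d.get("default-src"))
    if src is None:
        return False                           # scripts are unrestricted
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    return "'unsafe-inline'" not in src or any(t.startswith(NONCE_OR_HASH) for t in src)

def audit(raw):
    h = parse_headers(raw)
    findings = []
    # A comma inside one header value separates independent policies.
    policies = [p for v in h.get("content-security-policy", []) for p in v.split(",")]
    if not policies:
        findings.append("csp-missing")
        if "content-security-policy-report-only" in h:
            findings.append("csp-report-only-not-enforced")
    elif not any(blocks_inline_script(p) for p in policies):
        findings.append("csp-allows-inline-script")
    if "nosniff" not in [v.lower() for v in h.get("x-content-type-options", [])]:
        findings.append("nosniff-missing")
    return findings

# Constructed sample responses (not captured from any real product).
WEAK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Security-Policy-Report-Only: default-src 'self'\r\n\r\n<html>"
INLINE = "HTTP/1.1 200 OK\r\nContent-Security-Policy: script-src 'self' 'unsafe-inline'\r\nX-Content-Type-Options: nosniff\r\n\r\n"
HARDENED = "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'nonce-abc123'\r\nX-Content-Type-Options: nosniff\r\n\r\n"
```

An empty list from `audit` means only that these two headers are present and enforced; it does not replace output encoding in the application itself.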