Unhandled Exception Vulnerability in HCL iControl Product by HCL Software
CVE-2025-52611

3.1LOW

Key Information:

Status
Vendor
CVE Published:
4 June 2026

What is CVE-2025-52611?

HCL iControl v4.0.0 is susceptible to an Unhandled Exception vulnerability that leads to Stack Trace Disclosure. This vulnerability arises when the application's JavaScript code improperly accesses an undefined property, specifically the 'dashboard' key from an undefined object. The failure to properly initialize or declare the required object can expose sensitive information about the application's internal structure and coding practices, potentially aiding an attacker in crafting further exploits. It is crucial for users of HCL iControl to apply patches or updates promptly to mitigate this vulnerability.

Affected Version(s)

iControl 4.0.0

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.