CSV Injection Vulnerability in HCL iControl
CVE-2025-52612

7.1HIGH

Key Information:

Status
Vendor
CVE Published:
4 June 2026

What is CVE-2025-52612?

HCL iControl is susceptible to a CSV Injection vulnerability resulting from inadequate input parameter validation. This flaw enables attackers to inject malicious content into CSV files, potentially leading to reflected cross-site scripting attacks when the compromised CSV data is processed. Proper sanitization measures should be implemented to mitigate such risks and enhance the security posture of affected systems.

Affected Version(s)

iControl 4.0.0

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.