Inclusion of Functionality from Untrusted Control Sphere in HCL MyXalytics
CVE-2025-52655

3.1LOW

Key Information:

Vendor: HCL Software
Status: HCL Software Myxalytics
Vendor: CVE Published:; 10 October 2025

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-52655?

The vulnerability in HCL MyXalytics, specifically in version 6.6, relates to the potential for loading third-party scripts without adequate integrity checks. This flaw enables external code to execute within the application's context, leading to the possible exposure of sensitive data and unauthorized access to the system. Organizations using this product should take immediate steps to mitigate risks associated with this vulnerability.

Affected Version(s)

HCL MyXalytics 6.6

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Jun 18, 2025

JSON