Inadequate Session Timeout in HCL iControl Web Application
CVE-2025-62340

3.1 LOW

Key Information:

Status
Vendor
CVE Published: 17 June 2026

What is CVE-2025-62340?

The HCL iControl web application has an inadequate session timeout: it does not automatically terminate user sessions after periods of inactivity, so a session left unattended remains valid and can be used for unauthorized access. Organizations using HCL iControl should immediately review their session management policies and apply the necessary updates to mitigate the risk.

Affected Version(s)

iControl v4.2.0

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
