CVE-2025-52614
BaseFortify

Publication date: 2025-10-12

Last updated on: 2025-10-20

Assigner: HCL Software

Description
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site.
Meta Information
Published: 2025-10-12
Last Modified: 2025-10-20
Generated: 2026-05-07
AI Q&A: 2025-10-12
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: hcltech
Product: unica
Version / Range: to 25.1.0 (inc)
CWE
CWE ID: CWE-614
Description: The Secure attribute for sensitive cookies in HTTPS sessions is not set.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in HCL Unica Platform involves cookies that do not have the HTTPOnly flag set. This means that a malicious actor could exploit this by tricking a user into clicking on specially crafted links, potentially allowing the attacker to access the user's cookies via client-side scripts.


How can this vulnerability impact me?

The vulnerability could allow an attacker to access sensitive cookie information through client-side scripts if a user is tricked into clicking malicious links. This could lead to limited confidentiality risks, such as session hijacking or unauthorized access to user-specific data.
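
An added example, not part of the original record and not HCL's code: a Python check that parses Set-Cookie header values and reports cookies lacking the HttpOnly attribute this entry describes or the Secure attribute named in its CWE-614 mapping. The header values and cookie names are constructed for illustration and are not taken from HCL Unica.

```python
"""Audit Set-Cookie header values for missing HttpOnly / Secure attributes."""

# Constructed sample headers; cookie names are hypothetical placeholders.
SAMPLE_HEADERS = [
    "EXAMPLE_SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "EXAMPLE_AUTH=def456; Path=/app; secure",           # lowercase attribute
    "example_prefs=HttpOnly; Path=/; Max-Age=3600",     # flag name only in the value
    "EXAMPLE_CSRF=xyz; Comment=Secure; httponly",       # flag name only in another attribute's value
]

# Attribute names are case-insensitive, so compare in lowercase.
REQUIRED = ("httponly", "secure")


def parse_set_cookie(header):
    """Return (cookie_name, set of lowercased attribute names) for one header value."""
    first, *rest = header.split(";")
    name = first.split("=", 1)[0].strip()
    # Keep only the attribute name, never its value, so "Comment=Secure"
    # is not mistaken for the Secure flag.
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part.strip()}
    return name, attrs


def audit(headers, sensitive=None):
    """Map each cookie name to the required attributes it lacks.

    If `sensitive` is given, only cookies whose names are in it are checked.
    """
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if sensitive is not None and name not in sensitive:
            continue
        missing = [attr for attr in REQUIRED if attr not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Feed it the Set-Cookie values captured from your own deployment's responses; a plain substring search for "HttpOnly" would have passed the third and fourth sample cookies incorrectly.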

