CVE-2025-52603
Information Disclosure Vulnerability in HCL Connections Metadata Handling
Publication date: 2026-02-20
Last updated on: 2026-02-20
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | connections | 7.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-213 | The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52603 is an information disclosure vulnerability in HCL Connections. It occurs in a very specific user navigation scenario where a user can obtain limited information because a single piece of internal metadata is returned in the browser.
How can this vulnerability impact me? :
This vulnerability could allow an attacker with limited privileges to gain access to some internal metadata information that is not intended to be exposed. Although the impact is limited to information disclosure and does not affect integrity or availability, it could potentially aid an attacker in further attacks or reconnaissance.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know