CVE-2025-52603
Awaiting Analysis
Awaiting Analysis - Queue
Information Disclosure Vulnerability in HCL Connections Metadata Handling
Publication date: 2026-02-20
Last updated on: 2026-02-20
Assigner: HCL Software
Description
Description
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | connections | 7.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
| hcltech | connections | 8.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-213 | The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. |
