CVE-2025-52606
Weak Input Validation in HCL iControl
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | i_control | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL iControl is a Weak Input Validation issue. It occurs because the system receives input that is expected to be of a certain type but either does not validate or incorrectly validates that the input is actually of the expected type. This weakness arises during the implementation of an architectural security tactic.
How can this vulnerability impact me? :
This vulnerability can impact the integrity of the system by allowing incorrect or malicious input to be processed. According to the CVSS score (4.3), it has a low to medium severity with a network attack vector, low attack complexity, and requires low privileges but no user interaction. The impact is limited to integrity loss, meaning unauthorized modification of data or system behavior could occur, but confidentiality and availability are not affected.