CVE-2025-52611
Unhandled Exception Leading to Stack Trace Disclosure in HCL iControl
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | icontrol | 4.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL iControl v4.0.0 is an Unhandled Exception - Stack Trace Disclosure issue. It happens because the applicationβs JavaScript code tries to access a property called dashboard key from an object that is undefined. This likely occurs due to a missing or improperly initialized object in the code.
How can this vulnerability impact me? :
The vulnerability can lead to the disclosure of stack trace information, which may reveal internal application details. According to the CVSS score of 3.1, the impact is low and primarily affects confidentiality. There is no impact on integrity or availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.