CVE-2025-52612
Undergoing Analysis Undergoing Analysis - In Progress
CSV Injection in HCL iControl

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: HCL Software

Description
HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. .
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-04
AI Q&A
2026-06-04
EPSS Evaluated
N/A
NVD
CVE-2025-52612
EUVD
EUVD-2025-210058
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcl icontrol *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1236 The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability in HCL iControl involves CSV Injection and reflected cross-site scripting due to insufficient input sanitation, which can lead to unauthorized data manipulation or disclosure.

Such vulnerabilities can impact compliance with standards like GDPR and HIPAA by potentially exposing sensitive personal or health information, violating requirements for data protection and integrity.

Organizations using affected versions of HCL iControl should assess the risk of data breaches or unauthorized access resulting from this vulnerability to ensure continued compliance.


Can you explain this vulnerability to me?

The vulnerability in HCL iControl involves an Export CSV - CSV Injection issue and a reflected cross-site scripting (XSS) vulnerability. It occurs due to insufficient sanitation of input parameters, allowing malicious input to be executed.


How can this vulnerability impact me? :

This vulnerability can lead to high impact on confidentiality, integrity, and availability, as indicated by the CVSS score. An attacker could exploit the reflected XSS to execute malicious scripts in the context of a user's browser, potentially stealing sensitive information or performing unauthorized actions. The CSV Injection could allow malicious code execution when exported CSV files are opened.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart