CVE-2025-62340
Received - Intake
Session Timeout Bypass in HCL iControl

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: HCL Software

Description
HCL iControl was affected by an Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcl i_control *
CWE ID Description
CWE-613 According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Compliance Impact

The vulnerability involves inadequate session timeout, meaning user sessions are not automatically terminated after inactivity. This can increase the risk of unauthorized access to user data if sessions remain active longer than intended.

Such a security weakness could potentially impact compliance with standards like GDPR and HIPAA, which require appropriate measures to protect user data and ensure session security to prevent unauthorized access.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Executive Summary

The vulnerability in HCL iControl is an Inadequate Session Timeout issue. This means the web application does not automatically end user sessions after a period of inactivity, which can pose a security risk.

Impact Analysis

Because user sessions are not automatically terminated after inactivity, unauthorized users might gain access to an active session if the legitimate user leaves their session unattended. This can lead to potential exposure of sensitive information or unauthorized actions within the application.
