CVE-2025-52608
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/06/2026
Last modified:
04/06/2026
Description
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.
Impact
Base Score 3.x
3.10
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hcltech:icontrol:4.0.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



