PatchSiren cyber security CVE debrief
CVE-2025-52608 HCL CVE debrief
HCL iControl was affected by a Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. The path is also set to root. This vulnerability has a CVSS score of 3.1 and a severity of LOW.
- Vendor
- HCL
- Product
- iControl
- CVSS
- LOW 3.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of HCL iControl should review and apply the necessary patches to mitigate this vulnerability.
Technical summary
The HCL iControl application is missing several critical cookie attributes, including Secure and SameSite. The path is set to root. This vulnerability has a CVSS score of 3.1 and a severity of LOW. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N.
Defensive priority
LOW
Recommended defensive actions
- Apply patches or updates provided by the vendor to address the missing cookie attributes vulnerability.
- Review and update cookie attributes to include Secure and SameSite.
- Restrict the path to a specific directory instead of setting it to root.
Evidence notes
The CVE-2025-52608 record was published on 2026-06-04T12:16:23.710Z and modified on 2026-06-04T18:38:35.920Z.
Official resources
-
CVE-2025-52608 CVE record
CVE.org
-
CVE-2025-52608 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2025-52608 was published on 2026-06-04T12:16:23.710Z and modified on 2026-06-04T18:38:35.920Z.