PatchSiren cyber security CVE debrief
CVE-2025-52609 HCL CVE debrief
CVE-2025-52609 is a LOW-severity vulnerability in HCL iControl, a product from HCL Technologies. The vulnerability is caused by missing security headers, which could lead to cross-site scripting (XSS) attacks. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 3.7. The vulnerability was published on [2026-06-04](https://www.cve.org/CVERecord?id=CVE-2025-52609) and last modified on [2026-06-04](https://nvd.nist.gov/vuln/detail/CVE-2025-52609).
- Vendor: HCL
- Product: iControl
- CVSS: LOW 3.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Users of HCL iControl, specifically version 4.0.0, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by missing security headers in HCL iControl, which could lead to cross-site scripting (XSS) attacks. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.
Defensive priority
LOW
Recommended defensive actions
- Apply the patch or fix provided by the vendor, as described in the vendor advisory [ref-4].
Evidence notes
The information provided is based on data from [cve-org] and [nvd].
Official resources
- CVE-2025-52609 CVE record: CVE.org
- CVE-2025-52609 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2025-52609 was published on 2026-06-04T12:16:23.880Z and last modified on 2026-06-04T18:34:41.517Z.