PatchSiren cyber security CVE debrief
CVE-2025-52611 HCL CVE debrief
CVE-2025-52611 is a low-severity vulnerability (CVSS Score: 3.1) affecting HCL iControl v4.0.0. The issue arises from an unhandled exception leading to stack trace disclosure. This occurs when the application's JavaScript code attempts to access an undefined property, specifically trying to read the 'dashboard' key from an object that has not been properly initialized or is missing.
- Vendor
- HCL
- Product
- iControl
- CVSS
- LOW 3.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of HCL iControl v4.0.0 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by an undefined property being accessed in the application's JavaScript code. The code attempts to read the property 'dashboard' key from an object that is undefined. This issue likely stems from a missing or improperly initialized object.
Defensive priority
Low
Recommended defensive actions
- Apply the vendor's advisory or patch as described in [ref-4](https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131041) to address the vulnerability.
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide official information about the vulnerability. The source item [source-item] provides additional context.
Official resources
-
CVE-2025-52611 CVE record
CVE.org
-
CVE-2025-52611 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2025-52611 was published on 2026-06-04T12:16:24.013Z and modified on 2026-06-04T18:34:24.517Z.