CVE-2025-52611 PUBLISHED

HCL iControl was affected by Unhandled Exception - Stack Trace Disclosure vulnerability

Assigner: HCL
Reserved: 18.06.2025 Published: 04.06.2026 Updated: 04.06.2026

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined. This issue likely stems from one of the following: A missing or improperly initialized object.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 3.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	HCL
Product	iControl
Versions	Default: unaffected Version 4.0.0 is affected

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131041

Problem Types

CWE-209: Generation of Error Message Containing Sensitive Information CWE