CVE-2025-52606
4.3 MEDIUM
HCL iControl was affected by Weak Input Validation vulnerability
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 4.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CWE: CWE-209
Affected products
| Vendor | Product |
|---|---|
| hcltech | icontrol |
Description
HCL iControl was affected by a Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. The product receives input that is expected to be of a certain type, but it does not validate, or incorrectly validates, that the input is actually of the expected type.
Source: NVD
Related CVEs
Same vendor
- CVE-2025-52612 — HCL iControl was affected by Export CSV - CSV Injection vulnerability (7.1 HIGH)
- CVE-2025-52611 — HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability (3.1 LOW)
- CVE-2025-52609 — HCL iControl was affected by Missing Security Headers vulnerability (3.7 LOW)
- CVE-2025-52608 — HCL iControl was affected by Missing Cookie Attributes vulnerability (3.1 LOW)
- CVE-2025-31985 — HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header (3.7 LOW)
Same CWE
- CVE-2026-41730 — Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer intern... (5.3 MEDIUM)
- CVE-2025-52611 — HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability (3.1 LOW)
- CVE-2026-9794 — A flaw was found in Keycloak (5.3 MEDIUM)
- CVE-2026-42459 — free5GC is an open-source implementation of the 5G core network (7.5 HIGH)
- CVE-2026-1248 — IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages (4.3 MEDIUM)