CVE-2025-52611
3.1 LOWHCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 3.1 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-209
Affected products
| Vendor | Product |
|---|---|
| hcltech | icontrol |
Description
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined. This issue likely stems from one of the following: A missing or improperly initialized object.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2025-52612 — HCL iControl was affected by Export CSV - CSV Injection vulnerability (7.1 HIGH)
- CVE-2025-52609 — HCL iControl was affected by Missing Security Headers vulnerability (3.7 LOW)
- CVE-2025-52608 — HCL iControl was affected by Missing Cookie Attributes vulnerability (3.1 LOW)
- CVE-2025-52606 — HCL iControl was affected by Weak Input Validation vulnerability (4.3 MEDIUM)
- CVE-2025-31985 — HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header (3.7 LOW)
Same CWE
- CVE-2026-41730 — Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer intern... (5.3 MEDIUM)
- CVE-2025-52606 — HCL iControl was affected by Weak Input Validation vulnerability (4.3 MEDIUM)
- CVE-2026-9794 — A flaw was found in Keycloak (5.3 MEDIUM)
- CVE-2026-42459 — free5GC is an open-source implementation of the 5G core network (7.5 HIGH)
- CVE-2026-1248 — IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages (4.3 MEDIUM)