CVE-2025-52608

Published: Giu 04, 2026 Last Modified: Giu 04, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 3,1

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: none

Description

AI Translation Available

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: Web Based

View CWE Details

https://support.hcl-software.com/csm?id=kb_article&sysparm_…

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131061

CVE-2025-52608

Description

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Common Consequences

Applicable Platforms

Iscriviti alla newsletter