Low severity3.1NVD Advisory· Published Jun 4, 2026· Updated Jun 4, 2026

CVE-2025-52608

Description

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

Affected products

HCL Software/iControlllm-create

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.hcl-software.com/csmnvd

News mentions

HCL Software: Eight Vulnerabilities Disclosed Across Multiple Products
Vypr Intelligence · Jun 4, 2026

cvss	0.202
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000