Low severity3.7NVD Advisory· Published Jun 4, 2026· Updated Jun 4, 2026
CVE-2025-52609
CVE-2025-52609
Description
HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.
Affected products
2Patches
Vulnerability mechanics
References
1- support.hcl-software.com/csmnvdVendor Advisory
News mentions
1- HCL Software: Eight Vulnerabilities Disclosed Across Multiple ProductsVypr Intelligence · Jun 4, 2026