CVE Catalog
CVE-2025-62340
LowCVSS 3.1Exploitation Probability (EPSS)
Low risk0.19%
9th percentile — higher than 9% of all known CVEs
Summary
The vulnerability in HCL iControl is due to inadequate session timeout. The web application does not automatically terminate user sessions after a period of inactivity.
Risk Assessment
The risk is that an attacker could hijack an active user session, gaining unauthorized access to the system and data.
Recommendation
It is recommended to configure a shorter session timeout and implement automatic logout mechanisms after a period of inactivity.
Original NVD description (English source)
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity

