CVE Catalog

CVE-2025-62340

LowCVSS 3.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

The vulnerability in HCL iControl is due to inadequate session timeout. The web application does not automatically terminate user sessions after a period of inactivity.

Risk Assessment

The risk is that an attacker could hijack an active user session, gaining unauthorized access to the system and data.

Recommendation

It is recommended to configure a shorter session timeout and implement automatic logout mechanisms after a period of inactivity.

Original NVD description (English source)

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity

Vulnerability data from NVD (NIST) · CISA KEV · EPSS