By weakness (CWE)

CWE-209: related vulnerabilities

CVEs classified under CWE-209. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2025-52606MEDIUM 4.3

    HCL iControl contains a weakness in how it validates user input during its security architecture implementation. The application fails to properly check that incoming data matches the expected type before processing it, allowing an authenticated attacker to submit malformed input that the system does not adequately verify. This can lead to unintended modifications of application state or data.

  • CVE-2025-52611LOW 3.1

    HCL iControl v4.0.0 contains a vulnerability where the application crashes and exposes internal error messages, including stack traces, when certain code paths are triggered. The underlying cause is a programming error where the application attempts to access a property (the 'dashboard key') from an object that hasn't been properly initialized or is missing entirely. While an attacker would need valid login credentials to trigger this issue, the exposure of stack trace information could help them understand the application's internal structure and identify further attack vectors.