CVE-2025-52603— HCL Connections is vulnerable to information disclosure
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-52603
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL Connections is vulnerable to information disclosure
Source: NVD (National Vulnerability Database)
Vulnerability Description
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
故意性的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL Connections 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL Connections是印度HCL公司的一套企业协作平台。 HCL Connections存在安全漏洞,该漏洞源于在特定用户导航场景下,浏览器可能返回内部元数据,导致用户获取有限信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCLSoftware | Connections | 7.0, 8.0 | - |
II. Public POCs for CVE-2025-52603
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-52603
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Connections
- CVE-2026-21788
HCL Connections is vulnerable to cross-site scripting (XSS) - CVE-2025-52639
HCL Connections is vulnerable to sensitive information discl - CVE-2025-31961
HCL Connections is vulnerable to broken access control - CVE-2024-42209
HCL Connections is vulnerable to an information disclosure v - CVE-2024-42188
HCL Connections is vulnerable to a broken access control vul
Same vendor: HCLSoftware
- CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2025-31981
HCL BigFix Service Management (SM) Discovery is vulnerable t - CVE-2025-31958
HCL BigFix Service Management (SM) is susceptible to HTTP Re - CVE-2025-31991
HCL DevOps Velocity is susceptible to brute-force attacks
Same weakness: CWE-213
- CVE-2025-54831
Apache Airflow: Connection sensitive details exposed to user - CVE-2024-49827
IBM Concert Software information disclosure - CVE-2025-4976
Exposure of Sensitive Information Due to Incompatible Polici - CVE-2025-32791
Permission policy information leakage in Backstage permissio - CVE-2025-24316
Dario Health USB-C Blood Glucose Monitoring System Starter K
V. Comments for CVE-2025-52603
No comments yet