CVE-2025-62340EXPLOITED

hcl · icontrol

HCL iControl was affected by Inadequate Session Timeout vulnerability

Description

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity

Affected Products

Vendor	Product	Versions
hcl	icontrol	v4.2.0

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131511

Related News (1 articles)

Tier C

VulDB12d ago

CVE-2025-62340 | HCL iControl 4.2.0 session expiration (KB0131511)

→ No new info (linked only)

CVSS 3.13.1 LOW

VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-613

PublishedJun 17, 2026

Last enriched12d agov2

Trending Score6

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHPRE-CVE

Multiple vulnerabilities in HCL BigFix Compliance (Ruby) allowing code execution, security bypass, data manipulation, information disclosure, and denial of service

Trending: 27

MEDIUMCVE-2026-56457

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information

Trending: 23

HIGHCVE-2023-37524

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service

Trending: 22

CRITICALCVE-2025-15619EXP

HCL Connections is vulnerable to broken access control

Trending: 21

MEDIUMCVE-2025-59868

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure

Trending: 15

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 17, 2026

Discovered by ZDM

Jun 17, 2026

Updated: description, severity, cvssEstimate, activelyExploited

Jun 17, 2026

Actively Exploited

Jun 17, 2026

Version History

Last enriched 12d ago

v2Tier C12d ago

Updated description with more technical detail, changed severity to MEDIUM, updated CVSS estimate to 5.0, and marked as actively exploited.

descriptionseveritycvssEstimateactivelyExploited

via VulDB

v112d ago

Initial creation