CVE-2025-52612
HighUpdated
Published: 04 June 2026
Published
04 June 2026
Modified
17 June 2026
KEV Added
—
Patch
—
CVSS Score v3.1
7.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.0020
9.9th percentile
Summary
CVE-2025-52612 is a high-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Hcltech Icontrol. Its CVSS base score is 7.1 (High).
Operationally, ranked at the 9.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-210058
Vulnerability details
HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. .
- CWE(s)
Related Threats
CVEs Like This One
CVE-2025-52636Same vendor: Hcltech
CVE-2025-52626Same vendor: Hcltech
CVE-2025-55269Same vendor: Hcltech
CVE-2025-52627Same vendor: Hcltech
CVE-2025-52660Same vendor: Hcltech
CVE-2025-31958Same vendor: Hcltech
CVE-2024-42176Same vendor: Hcltech
CVE-2024-30151Same vendor: Hcltech
CVE-2024-42172Same vendor: Hcltech
CVE-2025-55261Same vendor: Hcltech
Affected Assets
hcltech
icontrol
4.0.0
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.