Cyber Resilience

CVE-2025-52612

HighUpdated

Published: 04 June 2026

Published
04 June 2026
Modified
17 June 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0020 9.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-52612 is a high-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Hcltech Icontrol. Its CVSS base score is 7.1 (High).

Operationally, ranked at the 9.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. .

CWE(s)

Related Threats

CVEs Like This One

CVE-2025-52636Same vendor: Hcltech
CVE-2025-52626Same vendor: Hcltech
CVE-2025-55269Same vendor: Hcltech
CVE-2025-52627Same vendor: Hcltech
CVE-2025-52660Same vendor: Hcltech
CVE-2025-31958Same vendor: Hcltech
CVE-2024-42176Same vendor: Hcltech
CVE-2024-30151Same vendor: Hcltech
CVE-2024-42172Same vendor: Hcltech
CVE-2025-55261Same vendor: Hcltech

Affected Assets

hcltech
icontrol
4.0.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References