CVE-2025-52655 | THREATINT

Description

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.

PUBLISHED Reserved 2025-06-18 | Published 2025-10-10 | Updated 2025-10-10 | Assigner HCL

LOW: 3.1CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

Product status

Default status

unaffected

6.6

affected

References

support.hcl-software.com/...rticle&sysparm_article=KB0124411

cve.org (CVE-2025-52655)

nvd.nist.gov (CVE-2025-52655)

Download JSON