CVE-2025-0250 LOW

CVE-2025-0250: HCL IEM is affected by an authorization token sent in cookie vulnerability

Vendor Hcl Software
Product IEM
Weakness CWE-319 · Cleartext transmission
Published July 24, 2025
Last update July 25, 2025

CVSS base score

2.2/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.

Key dates

02Disclosure timeline

July 24, 2025 CVE published
July 25, 2025 Record updated