CVE-2025-31954 MEDIUM

CVE-2025-31954: HCL iAutomate is susceptible to a sensitive information disclosure

Vendor Hcl Software
Product iAutomate
Weakness CWE-598
Published November 5, 2025
Last update November 5, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.

Key dates

02Disclosure timeline

November 5, 2025 CVE published
November 5, 2025 Record updated