CVE-2025-52603 LOW

CVE-2025-52603: HCL Connections is vulnerable to information disclosure

Vendor Hclsoftware
Product Connections
Weakness CWE-213
Published February 20, 2026
Last update February 20, 2026

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.

Key dates

02Disclosure timeline

February 20, 2026 CVE published
February 20, 2026 Record updated