CVE-2025-52655 LOW

CVE-2025-52655: HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.

Vendor Hcl
Product HCL MyXalytics
Weakness CWE-829 · Inclusion from untrusted sphere
Published October 10, 2025
Last update October 10, 2025

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.

Key dates

02Disclosure timeline

October 10, 2025 CVE published
October 10, 2025 Record updated