CVE-2025-52654 - Vulnerability Details - OpenCVE

A vulnerability in HCL HCL MyXalytics allows HTML InjectionThis issue affects HCL MyXalytics: 6.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Fixes

Solution

For customers using older version, mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerability during upgrade process

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411

History

Fri, 03 Oct 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 03 Oct 2025 18:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in HCL HCL MyXalytics allows HTML InjectionThis issue affects HCL MyXalytics: 6.6.
Title		HCL MyXalytics product is affected by HTML Injection in the web application
Weaknesses		CWE-80
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411
Metrics		cvssV3_1 `{'score': 4.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2025-10-03T18:11:20.450Z

Updated: 2025-10-03T18:54:14.802Z

Reserved: 2025-06-18T14:03:06.891Z

Link: CVE-2025-52654

Vulnrichment

Updated: 2025-10-03T18:54:00.846Z

NVD

Status : Received

Published: 2025-10-03T19:15:46.487

Modified: 2025-10-03T19:15:46.487

Link: CVE-2025-52654

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52654", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:03:06.891Z", "datePublished": "2025-10-03T18:11:20.450Z", "dateUpdated": "2025-10-03T18:54:14.802Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HCL MyXalytics", "vendor": "HCL", "versions": [{"status": "affected", "version": "6.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in HCL HCL MyXalytics allows HTML Injection<p>This issue affects HCL MyXalytics: 6.6.</p>"}], "value": "A vulnerability in HCL HCL MyXalytics allows HTML InjectionThis issue affects HCL MyXalytics: 6.6."}], "impacts": [{"capecId": "CAPEC-102", "descriptions": [{"lang": "en", "value": "CAPEC-102 Session Sidejacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-10-03T18:11:20.450Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " For customers using older version, mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerability during upgrade process\n\n<br>"}], "value": "For customers using older version, mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerability during upgrade process"}], "source": {"discovery": "INTERNAL"}, "title": "HCL MyXalytics product is affected by HTML Injection in the web application", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-03T18:53:45.456428Z", "id": "CVE-2025-52654", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T18:54:14.802Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52654", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:03:06.891Z", "datePublished": "2025-10-03T18:11:20.450Z", "dateUpdated": "2025-10-03T18:54:14.802Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HCL MyXalytics", "vendor": "HCL", "versions": [{"status": "affected", "version": "6.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in HCL HCL MyXalytics allows HTML Injection<p>This issue affects HCL MyXalytics: 6.6.</p>"}], "value": "A vulnerability in HCL HCL MyXalytics allows HTML InjectionThis issue affects HCL MyXalytics: 6.6."}], "impacts": [{"capecId": "CAPEC-102", "descriptions": [{"lang": "en", "value": "CAPEC-102 Session Sidejacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-10-03T18:11:20.450Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " For customers using older version, mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerability during upgrade process\n\n<br>"}], "value": "For customers using older version, mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerability during upgrade process"}], "source": {"discovery": "INTERNAL"}, "title": "HCL MyXalytics product is affected by HTML Injection in the web application", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52654", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-03T18:53:45.456428Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T18:54:00.846Z"}}]}}