Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31954

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.

Published

2025-11-05T19:15:51.010

Last Modified

2025-11-07T18:05:06.323

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-598

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hcltech	dryice_iautomate	6.5.1	Yes
Application	hcltech	dryice_iautomate	6.5.2	Yes

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0125011 Vendor Advisory ([email protected])