{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52655", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:03:06.891Z", "datePublished": "2025-10-10T08:55:40.033Z", "dateUpdated": "2025-10-10T13:46:15.359Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HCL MyXalytics", "vendor": "HCL", "versions": [{"status": "affected", "version": "6.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6<br>allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure."}], "value": "Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6\nallows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-10-10T08:55:40.033Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "As a part of HCL MyXalytics v6.7, these issues have been remediated. For customers using older versions, the mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerabilities during upgrade process. For fix implementation, our HCL MyXalytics support team will provide required the assistance.\n\n<br>"}], "value": "As a part of HCL MyXalytics v6.7, these issues have been remediated. For customers using older versions, the mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerabilities during upgrade process. For fix implementation, our HCL MyXalytics support team will provide required the assistance."}], "source": {"discovery": "UNKNOWN"}, "title": "HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-10T13:46:09.371910Z", "id": "CVE-2025-52655", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T13:46:15.359Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52655", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-10T13:46:09.371910Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T13:46:12.470Z"}}], "cna": {"title": "HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL", "product": "HCL MyXalytics", "versions": [{"status": "affected", "version": "6.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "As a part of HCL MyXalytics v6.7, these issues have been remediated. For customers using older versions, the mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerabilities during upgrade process. For fix implementation, our HCL MyXalytics support team will provide required the assistance.", "supportingMedia": [{"type": "text/html", "value": "As a part of HCL MyXalytics v6.7, these issues have been remediated. For customers using older versions, the mitigation path will include upgrade to version 6.7 which in turn will fix the vulnerabilities during upgrade process. For fix implementation, our HCL MyXalytics support team will provide required the assistance.\n\n<br>", "base64": false}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6\nallows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.", "supportingMedia": [{"type": "text/html", "value": "Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6<br>allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-10-10T08:55:40.033Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52655", "state": "PUBLISHED", "dateUpdated": "2025-10-10T13:46:15.359Z", "dateReserved": "2025-06-18T14:03:06.891Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2025-10-10T08:55:40.033Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6\nallows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure."}], "id": "CVE-2025-52655", "lastModified": "2025-10-14T19:37:28.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2025-10-10T09:15:37.593", "references": [{"source": "psirt@hcl.com", "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}