Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.5
HCL Connections Leaks Internal Information
CVE-2025-52603
Summary
HCL Connections, a collaboration platform, is vulnerable to a situation where a user can accidentally view internal details that shouldn't be publicly visible. This can happen when a specific navigation sequence is followed, and it's essential to address this issue to maintain data confidentiality. HCL has likely released a patch or guidance on how to mitigate this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| hcltech | connections | 7.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
| hcltech | connections | 8.0 | – |
Original title
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata...
Original description
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.
nvd CVSS3.1
3.5
Vulnerability type
CWE-213
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026