Platform: other
Component: glovius-cloud
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in HCL Glovius Cloud. This allows an attacker to potentially force an authenticated user's browser to perform unintended actions on the platform. The vulnerability impacts versions of Glovius Cloud up to and including S05.25, and a fix is available from HCL.
The CSRF vulnerability in Glovius Cloud allows an attacker to craft malicious requests that appear to originate from a legitimate, authenticated user. Successful exploitation could lead to unauthorized modifications of user settings, data manipulation, or other actions depending on the functionality exposed by the vulnerable endpoint. While the description specifies a single endpoint, the potential impact depends on the sensitivity of that endpoint's functionality. The attacker needs to trick the user into clicking a malicious link or visiting a crafted webpage.
This vulnerability was publicly disclosed on 2025-11-20. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability is not currently listed on CISA KEV. The CVSS score of 6.8 (MEDIUM) suggests a moderate probability of exploitation if a PoC becomes available.
Organizations utilizing HCL Glovius Cloud, particularly those with users who frequently access the platform through web browsers, are at risk. Environments with shared user accounts or those lacking robust user awareness training are particularly vulnerable.
EPSS: 0.01% (3rd percentile)
The primary mitigation for CVE-2025-62346 is to upgrade to a patched version of HCL Glovius Cloud. Refer to HCL's security advisory for the specific fixed version. As a temporary workaround, implement strict input validation and output encoding on the vulnerable endpoint to reduce the attack surface. Consider implementing CSRF tokens or other anti-CSRF mechanisms on the affected endpoint if upgrading immediately is not possible. Review user access controls to limit the potential impact of a successful attack.
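The anti-CSRF mechanism the paragraph above recommends is the synchronizer-token pattern: the server issues a token bound to the user's session, embeds it in the form, and refuses any state-changing request that does not echo it back, with an Origin/Referer check as defence in depth. The following is an added, framework-free illustration of that pattern, not HCL's code and not how Glovius Cloud is implemented; SERVER_SECRET, ALLOWED_ORIGIN, the Request class and the handle_update_settings endpoint are constructed for the example.

```python
"""Synchronizer-token CSRF protection for a state-changing endpoint.
Hypothetical stand-alone example (not HCL Glovius Cloud code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed values for the demo; a real deployment loads the secret from a
# secret store and derives the allowed origin from its configured hostname.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
ALLOWED_ORIGIN = "https://app.example.test"


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Token = random nonce + HMAC(secret, session_id|nonce).
    Binding the tag to the session id means a token captured from, or forged
    for, another session fails verification, and nothing has to be stored."""
    nonce = secrets.token_hex(16)
    tag = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def verify_csrf_token(session_id: str, token: Optional[str],
                      secret: bytes = SERVER_SECRET) -> bool:
    """Recompute the tag for this session and compare in constant time.
    Missing or malformed tokens fail closed."""
    if not token or "." not in token:
        return False
    nonce, _, presented = token.partition(".")
    expected = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, presented)


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as a framework would hand it over."""
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def same_origin(req: Request) -> bool:
    """Browsers set Origin on cross-site POSTs; fall back to Referer when absent.
    Exact match (or a path under the origin) avoids prefix tricks such as
    'https://app.example.test.attacker.example'."""
    origin = req.headers.get("Origin")
    if origin is not None:
        return origin == ALLOWED_ORIGIN
    referer = req.headers.get("Referer", "")
    return referer == ALLOWED_ORIGIN or referer.startswith(ALLOWED_ORIGIN + "/")


def handle_update_settings(req: Request, session_id: str, settings: dict) -> tuple:
    """A state-changing endpoint with the two checks a CSRF fix needs: the
    request must come from our own origin and must carry a valid token."""
    if req.method != "POST":
        return 405, "method not allowed"
    if not same_origin(req):
        return 403, "cross-origin request rejected"
    if not verify_csrf_token(session_id, req.form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    settings["display_name"] = req.form.get("display_name", settings.get("display_name"))
    return 200, "settings updated"


def demo() -> list:
    """Constructed scenario: a legitimate form post, a forged cross-origin post,
    and a same-origin post without the token. Returns the three status codes."""
    session_id = "sess-constructed-001"
    settings = {"display_name": "alice"}
    token = issue_csrf_token(session_id)
    legit = Request("POST", {"Origin": ALLOWED_ORIGIN},
                    {"csrf_token": token, "display_name": "Alice A."})
    cross_site = Request("POST", {"Origin": "https://attacker.example.test"},
                         {"display_name": "changed"})
    no_token = Request("POST", {"Origin": ALLOWED_ORIGIN}, {"display_name": "changed"})
    return [handle_update_settings(r, session_id, settings)[0]
            for r in (legit, cross_site, no_token)]


if __name__ == "__main__":
    print(demo())  # -> [200, 403, 403]
```

Setting the session cookie with SameSite=Lax or Strict complements this: the browser then withholds the cookie on cross-site POSTs, so even a request that reaches the endpoint arrives unauthenticated.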
Update HCL Glovius Cloud to a version later than S05.25 in which the CSRF vulnerability has been fixed. Consult the HCL knowledge base article for specific update instructions. As a temporary measure, avoid accessing Glovius Cloud via untrusted links or while you are authenticated on the site.
CVE-2025-62346 describes a Cross-Site Request Forgery (CSRF) vulnerability in HCL Glovius Cloud, allowing attackers to trigger unauthorized actions through a user's browser.
Yes, if you are using HCL Glovius Cloud versions prior to the patched release, you are potentially affected by this CSRF vulnerability.
Upgrade to the latest patched version of HCL Glovius Cloud as recommended in HCL's security advisory. Implement CSRF mitigation techniques as a temporary workaround.
Currently, there are no confirmed reports of active exploitation of CVE-2025-62346, but the potential for exploitation exists.
Refer to the official HCL security advisory for detailed information and remediation steps regarding CVE-2025-62346.