Platform: other
Component: glovius-cloud
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in HCL Glovius Cloud. This allows an attacker to potentially force an authenticated user's browser to perform unintended actions on the platform. The vulnerability impacts versions of Glovius Cloud up to and including S05.25, and a fix is available from HCL.
The CSRF vulnerability in Glovius Cloud allows an attacker to craft requests that the platform accepts as coming from a legitimate, authenticated user, because the user's browser attaches the session credentials automatically. Successful exploitation could lead to unauthorized modification of user settings, data manipulation, or other actions, depending on the functionality exposed by the vulnerable endpoint. While the description specifies a single endpoint, the actual impact depends on how sensitive that endpoint's functionality is. The attacker needs to lure the user into clicking a malicious link or visiting a crafted webpage while logged in.
This vulnerability was publicly disclosed on 2025-11-20. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability is not currently listed on CISA KEV. The CVSS score of 6.8 (MEDIUM) suggests a moderate probability of exploitation if a PoC becomes available.
Organizations utilizing HCL Glovius Cloud, particularly those with users who frequently access the platform through web browsers, are at risk. Environments with shared user accounts or those lacking robust user awareness training are particularly vulnerable.
Exploit status: disclosure
EPSS: 0.01% (3rd percentile)
The primary mitigation for CVE-2025-62346 is to upgrade to a patched version of HCL Glovius Cloud. Refer to HCL's security advisory for the specific fixed version. As a temporary workaround, implement strict input validation and output encoding on the vulnerable endpoint to reduce the attack surface. Consider implementing CSRF tokens or other anti-CSRF mechanisms on the affected endpoint if upgrading immediately is not possible. Review user access controls to limit the potential impact of a successful attack.
Update HCL Glovius Cloud to a version later than S05.25 in which the CSRF vulnerability has been fixed. Consult HCL's knowledge base article for specific upgrade instructions. As a temporary measure, avoid opening Glovius Cloud from untrusted links and avoid following untrusted links while authenticated to the site.
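The anti-CSRF mechanism recommended above is the synchronizer token pattern combined with an Origin/Referer check. The following is an added example written for this page, not code from HCL or from Glovius Cloud; it models a request as plain method/headers/form values and uses a placeholder site origin (`https://glovius.example`), both of which are assumptions. It shows how a state-changing request is only accepted when it comes from the site's own origin and carries the per-session token, while a forged cross-site request is rejected even if the attacker guesses a token.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

# Methods that must not change server state and therefore need no CSRF check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Placeholder origin for the protected site (an assumption for this example).
TRUSTED_ORIGIN = "https://glovius.example"


def issue_csrf_token() -> str:
    """Generate an unguessable per-session token; store it server-side in the
    session and embed it in every form or state-changing request the site issues."""
    return secrets.token_urlsafe(32)


def origin_allowed(headers: Dict[str, str]) -> bool:
    """Origin/Referer check: the request must originate from our own site.
    Requests with neither header are rejected (fail closed)."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parsed = urlparse(referer)
        origin = f"{parsed.scheme}://{parsed.netloc}"
    return origin == TRUSTED_ORIGIN


def validate_csrf(session_token: Optional[str], method: str,
                  headers: Dict[str, str], form: Dict[str, str]) -> Tuple[bool, str]:
    """Return (allowed, reason). Safe methods pass; state-changing methods need
    both a trusted origin and a token matching the one stored in the session."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if not origin_allowed(headers):
        return False, "origin check failed"
    submitted = form.get("csrf_token")
    if not session_token or not submitted:
        return False, "missing token"
    # Constant-time comparison so the token cannot be recovered via timing.
    if not hmac.compare_digest(session_token, submitted):
        return False, "token mismatch"
    return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run constructed sample requests through the check and return the verdicts."""
    token = issue_csrf_token()
    cases = {
        # Browser submitting the site's own form: trusted origin, correct token.
        "legit_form_post": ("POST", {"Origin": TRUSTED_ORIGIN}, {"csrf_token": token}),
        # Forged request from an attacker-controlled page with a guessed token.
        "cross_site_post": ("POST", {"Origin": "https://attacker.example"}, {"csrf_token": "guessed"}),
        # No Origin and no Referer at all: rejected rather than trusted by default.
        "no_origin_no_referer": ("POST", {}, {"csrf_token": token}),
        # Same-site request that forgot to include the token.
        "same_site_no_token": ("POST", {"Referer": TRUSTED_ORIGIN + "/settings"}, {}),
        # Read-only request: no state change, no token required.
        "plain_get": ("GET", {}, {}),
    }
    return {name: validate_csrf(token, m, h, f) for name, (m, h, f) in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} -> {verdict}")
```

Two points follow from the code that the advisory text does not spell out. First, input validation and output encoding on their own do not stop CSRF: a forged request is syntactically valid and carries the victim's real session cookie, so only something the attacker cannot obtain (the per-session token) or cannot forge (the browser-set Origin header) distinguishes it. Second, the check is skipped for GET, so any endpoint that changes state on a GET request remains exposed and should be moved to POST before this protection applies.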
CVE-2025-62346 describes a Cross-Site Request Forgery (CSRF) vulnerability in HCL Glovius Cloud, allowing attackers to trigger unauthorized actions through a user's browser.
Yes, if you are using HCL Glovius Cloud versions prior to the patched release, you are potentially affected by this CSRF vulnerability.
Upgrade to the latest patched version of HCL Glovius Cloud as recommended in HCL's security advisory. Implement CSRF mitigation techniques as a temporary workaround.
Currently, there are no confirmed reports of active exploitation of CVE-2025-62346, but the potential for exploitation exists.
Refer to the official HCL security advisory for detailed information and remediation steps regarding CVE-2025-62346.