CVE-2025-31954

Name of the Vulnerable Software and Affected Versions HCL iAutomate versions 6.5.1 through 6.5.2

Description HCL iAutomate versions 6.5.1 and 6.5.2 have a sensitive information disclosure issue. The application uses an HTTP GET method to process requests, including sensitive information within the query string. This could allow an attacker to access unintended information or resources. The vulnerable request uses the ''/'' API endpoint with sensitive data in the query string. The parameter query string contains the sensitive information.

Recommendations Update HCL iAutomate to a version newer than 6.5.2.