CVE-2025-15619 - Vulnerability Details - OpenCVE

HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HCLSoftware

Connections

unaffected

Version	Status	Constraints
`7.0, 8.0`	affected	—

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130163

History

Tue, 23 Jun 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 23 Jun 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.
Title		HCL Connections is vulnerable to broken access control
Weaknesses		CWE-284 CWE-319
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130163
Metrics		cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2026-06-23T15:17:29.534Z

Updated: 2026-06-23T15:46:52.076Z

Reserved: 2026-04-01T15:59:36.219Z

Link: CVE-2025-15619

Vulnrichment

Updated: 2026-06-23T15:46:48.332Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T20:15:04Z

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15619", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2026-04-01T15:59:36.219Z", "datePublished": "2026-06-23T15:17:29.534Z", "dateUpdated": "2026-06-23T15:46:52.076Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-06-23T15:17:29.534Z"}, "title": "HCL Connections is vulnerable to broken access control", "datePublic": "2026-06-23T15:17:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "CWE-284 Improper access control", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-319", "description": "CWE-319 Cleartext transmission of sensitive information", "type": "CWE"}]}], "affected": [{"vendor": "HCLSoftware", "product": "Connections", "versions": [{"status": "affected", "version": "7.0, 8.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130163"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-23T15:46:45.426418Z", "id": "CVE-2025-15619", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T15:46:52.076Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-23T15:46:45.426418Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T15:46:48.332Z"}}], "cna": {"title": "HCL Connections is vulnerable to broken access control", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCLSoftware", "product": "Connections", "versions": [{"status": "affected", "version": "7.0, 8.0"}], "defaultStatus": "unaffected"}], "datePublic": "2026-06-23T15:17:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130163"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.", "supportingMedia": [{"type": "text/html", "value": "HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper access control"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext transmission of sensitive information"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-06-23T15:17:29.534Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15619", "state": "PUBLISHED", "dateUpdated": "2026-06-23T15:46:52.076Z", "dateReserved": "2026-04-01T15:59:36.219Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-06-23T15:17:29.534Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}