CVE-2025-31952 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-31952

CWE

https://cwe.mitre.org/data/definitions/613.html

HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Iautomate	Hcltech	6.5.1 (including)	6.5.1 (including)

Potential Mitigations

References

https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122646