CVE-2025-31952

7.1 HIGH

📋 TL;DR

HCL iAutomate has insufficient session expiration, allowing authentication tokens to remain valid indefinitely unless manually revoked. This affects all users of vulnerable HCL iAutomate installations, potentially enabling unauthorized access to authenticated sessions.

💻 Affected Systems

Products:
  • HCL iAutomate
Versions: All versions prior to the fix
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using default session management settings are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain persistent access to authenticated sessions, potentially compromising administrative functions, accessing sensitive data, or performing unauthorized actions within the iAutomate platform.

🟠 Likely Case

Stolen or leaked session tokens remain usable indefinitely, allowing attackers to access the system with the privileges of the compromised user account.

🟢 If Mitigated

With proper session management controls, the impact is limited to the duration of legitimate sessions, though token theft remains a concern.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires obtaining valid session tokens through other means (phishing, MITM, credential theft).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to vendor advisory for specific patched versions

Vendor Advisory: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0122646

Restart Required: Yes

Instructions:

1. Review vendor advisory KB0122646.
2. Apply the recommended patch/update from HCL.
3. Restart iAutomate services.
4. Verify that session expiration is now enforced.

🔧 Temporary Workarounds

Manual Session Revocation (applies to: all)

Implement manual session revocation procedures and regularly invalidate active sessions.

Session Timeout Configuration (applies to: all)

Configure application-level session timeout settings if available.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to iAutomate systems
  • Enforce multi-factor authentication and monitor for suspicious session activity

🔍 How to Verify

Check if Vulnerable:

Log in with a test account, note the configured session timeout, and after that interval has elapsed check whether the same session token is still accepted; a token that keeps working past the expected expiration indicates the vulnerable behaviour.

Check Version:

Check iAutomate version through administrative interface or configuration files

Verify Fix Applied:

Verify that session tokens now expire according to configured timeout settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual session duration patterns
  • Multiple concurrent sessions from same user
  • Session access from unexpected locations

Network Indicators:

  • Repeated authentication attempts with same token
  • Session reuse from different IP addresses

SIEM Query:

source="iAutomate" AND ((event_type="session" AND duration>3600) OR (ip_change="true" AND session_reuse="true"))

(The source filter is grouped so that it applies to both branches; without the outer parentheses the OR would match session-reuse events from any source.)
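The three log indicators above (long-lived sessions, token reuse from several IP addresses, concurrent sessions for one user) can be checked offline against exported logs. The script below is an added example written for this page, not code from the advisory or from HCL; it assumes a constructed key=value log format with ts, event, session_id, user and src_ip fields, so the field names must be adapted to the real iAutomate log schema. The 3600-second threshold is the one used in the SIEM query above.

```python
"""Offline detection of session-expiration failures (CVE-2025-31952 style).

Added example, not part of the advisory or of HCL iAutomate. The log format
below is an assumption: one event per line, space-separated key=value pairs.
"""
from collections import defaultdict
from datetime import datetime, timezone

MAX_SESSION_AGE_S = 3600  # threshold taken from the advisory's SIEM query

# Constructed sample log lines (not real iAutomate output).
SAMPLE_LOGS = """\
ts=2025-04-01T08:00:00Z event=login session_id=s1 user=alice src_ip=10.0.0.5
ts=2025-04-01T08:30:00Z event=request session_id=s1 user=alice src_ip=10.0.0.5
ts=2025-04-01T09:15:00Z event=request session_id=s1 user=alice src_ip=10.0.0.5
ts=2025-04-01T08:05:00Z event=login session_id=s2 user=bob user=bob src_ip=10.0.0.7
ts=2025-04-01T08:20:00Z event=request session_id=s2 user=bob src_ip=10.0.0.7
ts=2025-04-02T10:00:00Z event=request session_id=s2 user=bob src_ip=198.51.100.9
ts=2025-04-01T08:10:00Z event=login session_id=s3 user=carol src_ip=10.0.0.8
ts=2025-04-01T08:40:00Z event=logout session_id=s3 user=carol src_ip=10.0.0.8
ts=2025-04-01T08:50:00Z event=login session_id=s4 user=alice src_ip=10.0.0.5
"""


def parse_line(line):
    """Split a key=value line into a dict and parse the UTC timestamp."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["ts"] = datetime.strptime(
        fields["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return fields


def analyze_sessions(log_text, max_age_s=MAX_SESSION_AGE_S):
    """Return findings as (session_id, user, indicator, detail) tuples.

    Indicators:
      session_exceeds_max_age        activity seen more than max_age_s after login
      token_reused_from_multiple_ips one session id used from several source IPs
      concurrent_with                a user's session overlapped an earlier one
    """
    sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        s = sessions.setdefault(f["session_id"], {
            "user": f["user"], "first": f["ts"], "last": f["ts"], "ips": set()})
        s["first"] = min(s["first"], f["ts"])
        s["last"] = max(s["last"], f["ts"])
        s["ips"].add(f["src_ip"])

    findings = []
    for sid, s in sessions.items():
        age = int((s["last"] - s["first"]).total_seconds())
        if age > max_age_s:
            findings.append((sid, s["user"], "session_exceeds_max_age", age))
        if len(s["ips"]) > 1:
            findings.append((sid, s["user"], "token_reused_from_multiple_ips",
                             sorted(s["ips"])))

    # Concurrent sessions: two session ids for the same user whose
    # [first, last] activity windows overlap.
    by_user = defaultdict(list)
    for sid, s in sessions.items():
        by_user[s["user"]].append((s["first"], s["last"], sid))
    for user, spans in by_user.items():
        spans.sort()
        for i in range(len(spans)):
            for j in range(i + 1, len(spans)):
                earlier, later = spans[i], spans[j]
                if later[0] <= earlier[1]:  # later one began before earlier ended
                    findings.append((later[2], user, "concurrent_with", earlier[2]))
    return findings


if __name__ == "__main__":
    for finding in analyze_sessions(SAMPLE_LOGS):
        print(*finding)
```

Once the fix is applied, a session that outlives the configured timeout should no longer show request events after that point; a new login event for the same user is expected instead. The session-age check is the one that directly tests this CVE, the other two are the supporting indicators the advisory lists and remain useful after patching because a stolen token is still usable within its lifetime.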
