
CVE-2025-31952: CWE-613 Insufficient Session Expiration in HCL Software iAutomate

High
Tags: Vulnerability, CVE-2025-31952, CWE-613
Published: Thu Jul 24 2025 (07/24/2025, 21:01:57 UTC)
Source: CVE Database V5
Vendor/Project: HCL Software
Product: iAutomate

Description

HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.

AI-Powered Analysis

Last updated: 07/24/2025, 21:33:01 UTC

Technical Analysis

CVE-2025-31952 is a security vulnerability identified in HCL Software's iAutomate product, specifically version 6.5.1. The vulnerability is classified under CWE-613, which refers to insufficient session expiration. In this context, iAutomate's session tokens do not expire automatically after a reasonable period of inactivity or elapsed time. Instead, these tokens remain valid indefinitely unless they are manually revoked by an administrator or user. This behavior significantly increases the risk that an attacker who obtains a valid session token—through interception, theft, or other means—can maintain unauthorized access to the system for an extended period without the token becoming invalid. The CVSS v3.1 base score for this vulnerability is 7.1, indicating a high severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L) reveals that the vulnerability can be exploited remotely over the network with low attack complexity and requires low privileges but no user interaction. The impact primarily affects confidentiality, as unauthorized actors could use valid tokens to access sensitive information. The integrity impact is rated as none, and availability impact is low, meaning the vulnerability does not directly allow data modification or denial of service but compromises sensitive data confidentiality. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may rely on configuration changes or manual token revocation until an official fix is released.

Potential Impact

For European organizations using HCL iAutomate 6.5.1, this vulnerability poses a significant risk to the confidentiality of automated workflows and potentially sensitive operational data managed by the platform. Attackers who gain access to valid session tokens could persistently access the system without detection, leading to unauthorized data exposure or reconnaissance for further attacks. Given that iAutomate is used for automation and orchestration tasks, unauthorized access could also allow attackers to gather intelligence on business processes or indirectly facilitate lateral movement within the network. The lack of automatic session expiration increases the window of opportunity for attackers, especially in environments where token revocation processes are not rigorously enforced. This risk is heightened in sectors with strict data protection regulations such as GDPR, where unauthorized access to personal or sensitive data can lead to regulatory penalties and reputational damage. Additionally, organizations with remote or hybrid workforces may be more vulnerable if session tokens are stored or transmitted insecurely. The vulnerability's exploitation does not require user interaction, making it easier for attackers to leverage stolen tokens without alerting end users.

Mitigation Recommendations

European organizations should implement immediate compensating controls to mitigate this vulnerability until an official patch is available. These include:

1) Enforce strict manual token revocation policies, ensuring that session tokens are invalidated promptly after user logout, role changes, or inactivity.
2) Monitor and audit session token usage actively to detect unusual or prolonged sessions that may indicate token misuse.
3) Limit the lifetime of session tokens through configuration settings if supported, or implement additional session management controls such as periodic forced re-authentication.
4) Restrict network access to iAutomate interfaces using network segmentation, firewalls, and VPNs to reduce the attack surface.
5) Employ multi-factor authentication (MFA) for accessing iAutomate to reduce the risk of token theft leading to unauthorized access.
6) Educate administrators and users about the risks of token sharing and the importance of secure token handling.
7) Prepare for rapid deployment of patches once released by HCL and validate that session expiration behavior is corrected.

These measures go beyond generic advice by focusing on session token lifecycle management, monitoring, and access control specific to the vulnerability's nature.
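The following is an added illustration of the session-lifecycle controls recommended above (items 1 to 3); it is not code from HCL iAutomate or from this advisory. It contrasts a session store that exhibits the CWE-613 behaviour (a token stays valid until manually revoked) with a hardened store that enforces both an idle timeout and an absolute lifetime on every use, and includes a small audit helper that lists live sessions exceeding policy. The timeout values, the clock passed in as `now`, and all user names are constructed assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Hypothetical policy values; a real deployment chooses these per risk appetite.
IDLE_TIMEOUT_SECONDS = 15 * 60        # invalidate after 15 min without activity
ABSOLUTE_TIMEOUT_SECONDS = 8 * 3600   # invalidate 8 h after issue, active or not


@dataclass
class SessionRecord:
    user: str
    issued_at: float      # seconds since epoch; injected so behaviour is deterministic
    last_seen: float
    revoked: bool = False


def _key(token: str) -> str:
    # Store only a digest of the token: a leaked session table yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class UnboundedSessionStore:
    """Models the CWE-613 behaviour: a token stays valid until someone revokes it."""

    def __init__(self) -> None:
        self._sessions: dict[str, SessionRecord] = {}

    def issue(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)          # 256 bits of randomness
        self._sessions[_key(token)] = SessionRecord(user, now, now)
        return token

    def revoke(self, token: str) -> None:
        rec = self._sessions.get(_key(token))
        if rec is not None:
            rec.revoked = True

    def validate(self, token: str, now: float) -> bool:
        rec = self._sessions.get(_key(token))
        if rec is None or rec.revoked:
            return False
        rec.last_seen = now                        # no expiry check at all
        return True

    def records(self) -> list[SessionRecord]:
        return list(self._sessions.values())


class ExpiringSessionStore(UnboundedSessionStore):
    """Hardened variant: idle and absolute lifetimes are enforced on every use."""

    def validate(self, token: str, now: float) -> bool:
        rec = self._sessions.get(_key(token))
        if rec is None or rec.revoked:
            return False
        if (now - rec.issued_at > ABSOLUTE_TIMEOUT_SECONDS
                or now - rec.last_seen > IDLE_TIMEOUT_SECONDS):
            rec.revoked = True                     # expiry is sticky: no late revival
            return False
        rec.last_seen = now
        return True


def stale_sessions(store: UnboundedSessionStore, now: float) -> list[str]:
    """Audit helper (item 2 above): users whose live sessions exceed policy limits."""
    return sorted(
        rec.user for rec in store.records()
        if not rec.revoked and (
            now - rec.issued_at > ABSOLUTE_TIMEOUT_SECONDS
            or now - rec.last_seen > IDLE_TIMEOUT_SECONDS))


if __name__ == "__main__":
    t0 = 1_700_000_000.0                          # constructed start time
    one_year = 365 * 24 * 3600
    weak, hard = UnboundedSessionStore(), ExpiringSessionStore()
    tw, th = weak.issue("alice", t0), hard.issue("alice", t0)
    print("unbounded token still valid a year later:", weak.validate(tw, t0 + one_year))
    print("expiring token valid a year later:      ", hard.validate(th, t0 + one_year))
    print("stale sessions in unbounded store:      ", stale_sessions(weak, t0 + one_year))
```

The audit helper is the piece to run periodically against an unpatched deployment: any session it returns is one that policy says should no longer exist, and revoking it manually is the compensating control until automatic expiration is available.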


Technical Details

Data Version
5.1
Assigner Short Name
HCL
Date Reserved
2025-04-01T18:46:19.516Z
CVSS Version
3.1
State
PUBLISHED

Threat ID: 6882a2f7ad5a09ad0045efaa

Added to database: 7/24/2025, 9:17:43 PM

Last enriched: 7/24/2025, 9:33:01 PM

Last updated: 7/25/2025, 1:47:46 PM
