CVE-2025-55267

EPSS 0.01%
Veröffentlicht 26.03.2026 13:01:38
Zuletzt bearbeitet 26.03.2026 20:35:15
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Aftermarket Cloud Version1.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.028

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@hcl.com	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-55267

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55267

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55267

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-55267