CVE-2025-55267

MEDIUM

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability

Title source: cna
STIX 2.1

Description

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server.

References (1)

Core 1

Scores

CVSS v3 5.7
EPSS 0.0029
EPSS Percentile 21.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-434
Status published
Products (2)
HCL/Aftermarket DPC version 1.0.0
hcltech/aftermarket_cloud 1.0.0
Published Mar 26, 2026
Tracked Since Mar 26, 2026