CVE-2025-62329

MEDIUM

Hcltechsw Hcl Devops Deploy - Insufficient Session Expiration

Title source: rule

Description

HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.

References (1)

[Vendor Advisory] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332

Scores

CVSS v3 5.0

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-613

Status published

Products (2)

hcltechsw/hcl_devops_deploy 8.0.0.0 - 8.0.1.11

hcltechsw/hcl_launch 7.3.0.0 - 7.3.2.16

Published Dec 16, 2025

Tracked Since Feb 18, 2026