CVE-2025-63402

MEDIUM

HCLTech Dragon < 7.6.0 - Remote Code Execution via Unrestricted API Requests

Title source: llm

Description

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests

References (3)

Core 3

Core References

Product

http://hcl.com

Product

http://hcltech.com

Vendor Advisory

https://excalibur-hcl.my.salesforce.com/sfc/p/#U0000000YO14/a/Pf000003dyVd/ckzaFpdm68dwd1nWqgtLfXHp3Pim_YwLUI4WcRB__Ng

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 47.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (1)

hcltech/dragon < 7.6.0

Published Dec 03, 2025

Tracked Since Feb 18, 2026