CVE-2025-55261 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 26, 2026
HCL Aftermarket DPC - Broken Access Control
Published: March 26, 2026Updated: March 26, 2026Remote Exploitable
Overview
HCL Aftermarket DPC contains a broken access control vulnerability caused by missing functional level access control, letting attackers escalate privileges and compromise data integrity and confidentiality, exploit requires no special conditions.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can escalate privileges, steal, and manipulate data, potentially compromising the entire application.
Mitigation
Update to the latest version with proper access control implemented.
Related Resources
Details
- CVE ID
- CVE-2025-55261
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_access_control
- Status
- unconfirmed
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H