LeakyCreds

CVE-2025-55261 - Vulnerability Analysis

High, CVSS: 8.1

Last Updated: March 26, 2026

HCL Aftermarket DPC - Broken Access Control

Published: March 26, 2026
Updated: March 26, 2026
Remote Exploitable

Overview

HCL Aftermarket DPC contains a broken access control vulnerability caused by missing functional level access control. It lets attackers escalate privileges and compromise data integrity and confidentiality. Exploitation requires no special conditions.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 4.2% (probability of exploitation in the next 30 days)

Impact

Attackers can escalate privileges and steal and manipulate data, potentially compromising the entire application.

Mitigation

Update to the latest version with proper access control implemented.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 26, 2026

🟠 CVE-2025-55261 - High (8.1) HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-55261/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2025-55261
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: confirmed
EPSS: 4.2%
Social Posts: 1

CWE

  • CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS Score

4.2% (probability of exploitation in the next 30 days)