Security Vulnerability Report
CVE-2025-55266 CVSS 5.9 MEDIUM

CVE-2025-55266

Published: 2026-03-26 13:16:26
Last Modified: 2026-03-26 20:35:39

Description

HCL Aftermarket DPC is affected by Session Fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user.

CVSS Details

CVSS Score
5.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:* - VULNERABLE
HCL Aftermarket DPC (for the specific affected versions, see the official advisory KB0129793)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC Demonstration for Session Fixation
# Attacker obtains a session ID and sends it to victim
import requests


def check_session_fixation(url):
    # 1. Attacker gets a session ID
    s = requests.Session()
    s.get(url)
    fixed_sid = s.cookies.get('SESSIONID')
    print(f"[+] Attacker sets Session ID: {fixed_sid}")
    # 2. Victim logs in (Simulated)
    # If the server does not issue a new SESSIONID after login,
    # the attacker can use 'fixed_sid' to access the account.
    print("[+] Check if server rotates Session ID after login.")
    print("[+] If not, vulnerability confirmed.")


check_session_fixation('https://target-dpc.com/login')
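The check above only observes whether the SESSIONID cookie changes across login. As an added example that is not part of the advisory or of HCL's product code, the following self-contained Python models the root cause named by CWE-384 and its fix: a login handler that keeps whatever session id the client arrived with (so an id planted on the victim before login remains valid after authentication) beside one that discards the pre-authentication session and issues a fresh id. The SessionStore class, the handler names and the user name are constructed for illustration; they stand in for the server-side session layer of any web application.

```python
# Added example (not from the advisory or the vendor): models the CWE-384
# root cause and its mitigation with an in-memory session store.
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    """Constructed stand-in for a server-side session table."""
    sessions: dict = field(default_factory=dict)

    def new_session(self) -> str:
        # 256-bit random id, as a real session layer would generate.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def get(self, sid: str):
        return self.sessions.get(sid)


def login_without_rotation(store: SessionStore, sid: str, user: str) -> str:
    """Vulnerable pattern: authenticates the session id the client presented.

    Whoever already knows `sid` (an attacker who planted it on the victim)
    now holds an authenticated session for `user`.
    """
    # Accepts and keeps the client-supplied id, creating it if unknown.
    sess = store.sessions.setdefault(sid, {"user": None})
    sess["user"] = user
    return sid


def login_with_rotation(store: SessionStore, sid: str, user: str) -> str:
    """Hardened pattern: drop the pre-auth session, issue a fresh id.

    The id the browser carried before login is invalidated, so a planted
    id is worthless once the victim authenticates.
    """
    store.sessions.pop(sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = user
    return new_sid


def rotates_session_on_login(login) -> bool:
    """Defender's check: does the id change and the old one die on login?"""
    store = SessionStore()
    pre_auth = store.new_session()          # id the browser had before login
    post_auth = login(store, pre_auth, "alice")
    return post_auth != pre_auth and store.get(pre_auth) is None


def fixed_sid_is_authenticated(login) -> bool:
    """Outcome for a session id obtained before the victim logged in."""
    store = SessionStore()
    fixed = store.new_session()             # id known to a third party
    login(store, fixed, "alice")            # victim authenticates with it
    sess = store.get(fixed)
    return sess is not None and sess["user"] == "alice"


if __name__ == "__main__":
    for name, handler in [("no rotation", login_without_rotation),
                          ("rotation", login_with_rotation)]:
        print(f"{name:12s} rotates={rotates_session_on_login(handler)} "
              f"fixed id still valid={fixed_sid_is_authenticated(handler)}")
```

The same two checks translate directly to a live application: capture the session cookie before authenticating, authenticate, and confirm both that a new value was issued and that the old value is rejected; a server that passes only the first check still leaves the pre-auth id usable.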

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793 (Vendor Advisory, KB0129793)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-55266", "sourceIdentifier": "[email protected]", "published": "2026-03-26T13:16:25.800", "lastModified": "2026-03-26T20:35:39.043", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user."}, {"lang": "es", "value": "HCL Aftermarket DPC se ve afectado por fijación de sesión, lo que permite al atacante tomar el control de la sesión del usuario y usarla para realizar transacciones no autorizadas en nombre del usuario."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.6, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-384"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71E5E64-ED4C-4763-8A74-5F9DDCFD13DA"}]}]}], "references": [{"url": 
"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}