CVE-2025-55261
Missing Access Control in HCL Aftermarket DPC Enables Privilege Escalation
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: HCL Software
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aftermarket_cloud | 1.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL Aftermarket DPC is due to Missing Functional Level Access Control. This means that the system does not properly restrict user permissions at the functional level, allowing an attacker to escalate their privileges within the application.
As a result, the attacker may gain unauthorized access to sensitive parts of the application, potentially compromising it.
This could lead to the attacker stealing or manipulating data within the application.
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized privilege escalation by an attacker.
An attacker exploiting this flaw may compromise the application, leading to potential data theft or manipulation.
Additionally, the CVSS score of 8.1 indicates a high severity, meaning the impact on confidentiality and availability is significant.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in HCL Aftermarket DPC involves Missing Functional Level Access Control, which allows an attacker to escalate privileges and potentially compromise the application, leading to data theft and manipulation.
Such unauthorized access and data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.