CVE-2025-55265
File Discovery Vulnerability in HCL Aftermarket DPC Enables Sensitive Data Exposure
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aftermarket_cloud | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL Aftermarket DPC is related to File Discovery, which allows an attacker to read sensitive files present on the system. This unauthorized access to sensitive files can be leveraged by the attacker to craft further attacks.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to access sensitive files on your system without authorization. Such access can lead to exposure of confidential information and may enable attackers to plan and execute additional attacks, potentially compromising system security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in HCL Aftermarket DPC allows an attacker to read sensitive files present in the system, which could lead to unauthorized access to sensitive data.
Such unauthorized access to sensitive information may impact compliance with data protection regulations like GDPR and HIPAA, which require the protection of personal and sensitive data against unauthorized disclosure.
However, the provided information does not explicitly describe the direct effects on compliance with these standards.