CVE-2025-55267
Unrestricted File Upload in HCL Aftermarket DPC Enables Remote Code Execution
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aftermarket_cloud | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL Aftermarket DPC is an Unrestricted File Upload issue. This means an attacker can upload malicious scripts to the server without proper restrictions, which allows them to execute these scripts and gain full control over the server.
How can this vulnerability impact me? :
This vulnerability can have a significant impact as it allows an attacker to execute malicious code on the server, potentially leading to full server compromise. This could result in unauthorized access, data manipulation, service disruption, or further attacks launched from the compromised server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker to upload and execute malicious scripts, gaining full control over the server. This can lead to unauthorized access, data breaches, and potential exposure of sensitive information.
Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.