CVE-2025-55271
Received - Intake
HTTP Response Splitting in HCL Aftermarket DPC Enables Command Injection

Publication date: 2026-03-26

Last updated on: 2026-03-26

Assigner: HCL Software

Description
HCL Aftermarket DPC is affected by an HTTP Response Splitting vulnerability wherein, depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response.
Meta Information
Published: 2026-03-26
Last Modified: 2026-03-26
Generated: 2026-06-16
AI Q&A: 2026-03-26
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: hcltech
Product: aftermarket_cloud
Version / Range: 1.0.0
CWE
CWE-113: The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
Executive Summary

The vulnerability in HCL Aftermarket DPC is an HTTP Response Splitting issue. This means that depending on how the web application processes the HTTP response, an attacker could manipulate the response by injecting malicious content or executing arbitrary commands.

Impact Analysis

This vulnerability can allow an attacker to inject harmful content into the web application's HTTP response or execute arbitrary commands, potentially leading to security risks such as web cache poisoning, cross-site scripting, or other malicious activities.
