CVE-2025-55274
Received Received - Intake

CORS Misconfiguration in HCL Aftermarket DPC Risks Data Exposure

Vulnerability report for CVE-2025-55274, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-26

Last updated on: 2026-03-26

Assigner: HCL Software

Description

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they could steal sensitive data, perform actions on behalf of a legitimate user.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-26
Last Modified
2026-03-26
Generated
2026-07-06
AI Q&A
2026-03-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcltech aftermarket_cloud 1.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-942 The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability involves CORS misconfigurations that can lead to exposure of sensitive user information, unauthorized access to APIs, and potential data leakage or manipulation.

Such exposure and unauthorized access could potentially result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive personal and health information against unauthorized access and breaches.

Exploitation of this vulnerability could lead to data theft or actions performed on behalf of legitimate users, increasing the risk of violating privacy and security requirements mandated by these standards.

Executive Summary

This vulnerability affects HCL Aftermarket DPC and is related to Cross-Origin Resource Sharing (CORS) misconfigurations. Such misconfigurations can expose sensitive user information to attackers, allow unauthorized access to APIs, and potentially lead to data manipulation or leakage.

If an attacker exploits this CORS misconfiguration, they could steal sensitive data or perform actions on behalf of a legitimate user.

Impact Analysis

The impact of this vulnerability includes the potential theft of sensitive data and unauthorized actions performed on behalf of legitimate users. This could lead to data breaches, loss of user trust, and unauthorized manipulation of information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart