CVE-2025-55274
Received - Intake
CORS Misconfiguration in HCL Aftermarket DPC Risks Data Exposure

Publication date: 2026-03-26

Last updated on: 2026-03-26

Assigner: HCL Software

Description
HCL Aftermarket DPC is affected by a Cross-Origin Resource Sharing (CORS) vulnerability. The consequences of CORS misconfigurations include exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker were to exploit the CORS misconfiguration, they could steal sensitive data or perform actions on behalf of a legitimate user.
Meta Information
Published: 2026-03-26
Last Modified: 2026-03-26
Generated: 2026-05-07
AI Q&A: 2026-03-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
hcltech | aftermarket_cloud | 1.0.0
CWE
CWE ID | Description
CWE-942 | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects HCL Aftermarket DPC and is related to Cross-Origin Resource Sharing (CORS) misconfigurations. Such misconfigurations can expose sensitive user information to attackers, allow unauthorized access to APIs, and potentially lead to data manipulation or leakage.

If an attacker exploits this CORS misconfiguration, they could steal sensitive data or perform actions on behalf of a legitimate user.


How can this vulnerability impact me?

The impact of this vulnerability includes the potential theft of sensitive data and unauthorized actions performed on behalf of legitimate users. This could lead to data breaches, loss of user trust, and unauthorized manipulation of information.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability involves CORS misconfigurations that can lead to exposure of sensitive user information, unauthorized access to APIs, and potential data leakage or manipulation.

Such exposure and unauthorized access could potentially result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive personal and health information against unauthorized access and breaches.

Exploitation of this vulnerability could lead to data theft or actions performed on behalf of legitimate users, increasing the risk of violating privacy and security requirements mandated by these standards.

