CVE-2025-55275
Received
Received - Intake
Admin Session Concurrency Vulnerability in HCL Aftermarket DPC
Vulnerability report for CVE-2025-55275, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: HCL Software
Description
Description
HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aftermarket_cloud | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-557 |