CVE-2025-55275

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-26 13:16

Updated : 2026-03-26 20:25

NVD link : CVE-2025-55275

Mitre link : CVE-2025-55275

CVE.ORG link : CVE-2025-55275

JSON object : View

Products Affected

hcltech

aftermarket_cloud

CWE

CWE-557

Concurrency Issues

3.7 /10