2026-02-07 3:26 | CVE-2025-31990 | HCL
PUBLISHED | CVE record format 5.2 | CWE-770

HCL DevOps Velocity is susceptible to a Denial of Service vulnerability

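Rate limiting for certain API calls is not enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. The CNA scores this issue CVSS 3.1 6.8 (Medium), vector AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H: it is reachable over the network but requires a high-privilege account, and the impact is on availability only. This vulnerability is fixed in 5.1.7.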

Problem type

CWE-770 Allocation of Resources Without Limits or Throttling

Affected products

HCLSoftware

HCL DevOps Velocity

Versions before 5.1.7 (<5.1.7) - AFFECTED (default status for all other versions: unaffected)

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128585

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-31990
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-31990",
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "dateUpdated": "2026-02-07T03:26:40.396Z",
    "dateReserved": "2025-04-01T18:46:33.656Z",
    "datePublished": "2026-02-07T03:26:40.396Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL",
        "dateUpdated": "2026-02-07T03:26:40.396Z"
      },
      "datePublic": "2026-02-07T03:25:00.000Z",
      "title": "HCL DevOps Velocity is susceptible to a Denial of Service vulnerability",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks.  An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users.  This vulnerability is fixed in 5.1.7.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks.  An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users.  This vulnerability is fixed in 5.1.7.<br>"
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "HCLSoftware",
          "product": "HCL DevOps Velocity",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "<5.1.7",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "cweId": "CWE-770",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128585"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM"
          }
        }
      ]
    }
  }
}