← Back
2026-03-26 12:47CVE-2025-55275HCL
PUBLISHED5.2CWE-557

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.

Problem type

Affected products

HCL

Aftermarket DPC

version 1.0.0 - AFFECTED

References

support.hcl-software.com

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-55275
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-55275",
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "dateUpdated": "2026-03-26T13:21:32.798Z",
    "dateReserved": "2025-08-12T07:00:17.742Z",
    "datePublished": "2026-03-26T12:47:08.836Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL",
        "dateUpdated": "2026-03-26T12:47:08.836Z"
      },
      "title": "HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability",
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "HCL",
          "product": "Aftermarket DPC",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "version 1.0.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-557: Concurrency Issues is a Category",
              "cweId": "CWE-557",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW"
          }
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T13:21:32.798Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}