CVE-2025-0255

moderate-risk
Published 2025-03-24

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

Do I need to act?

-
0.62% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (3)

Hcl Devops Deploy
Hcl Devops Deploy

Affected Vendors

Hcltechsw

References (1)

Vendor Advisory https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119060
37
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 9/34 · Low