CVE-2025-63401

low-risk

Published 2025-12-03

Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives

Do I need to act?

0.36% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Dragon

Affected Vendors

Hcltech

References (3)

Product http://hcl.com

Product http://hcltech.com

Vendor Advisory https://excalibur-hcl.my.salesforce.com/sfc/p/#U0000000YO14/a/Pf000003dyQn/x0oUO...

/ 100

low-risk

Severity 17/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal