CVE-2025-0254 MEDIUM

CVE-2025-0254: HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226.

Vendor Hcl Software
Product HCL Digital Experience
Weakness CWE-295
Published March 20, 2025
Last update March 20, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated