CVE-2025-0257 MEDIUM

CVE-2025-0257: HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services

Vendor Hcl Software
Product HCL DevOps Deploy / HCL Launch
Weakness CWE-306 · Missing auth
Published April 2, 2025
Last update April 3, 2025

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

Key dates

02Disclosure timeline

April 2, 2025 CVE published
April 3, 2025 Record updated