CVE-2025-0279 MEDIUM

CVE-2025-0279: HCL Traveler is affected by generation of error messages containing sensitive information

Vendor Hcl Software
Product HCL Traveler
Weakness CWE-209 · Error message info leak
Published April 3, 2025
Last update April 7, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.

Key dates

02Disclosure timeline

April 3, 2025 CVE published
April 7, 2025 Record updated