CVE-2025-31990 MEDIUM

CVE-2025-31990: HCL DevOps Velocity is susceptible to a Denial of Service vulnerability

Vendor Hclsoftware
Product HCL DevOps Velocity
Weakness CWE-770 · Uncontrolled resource consumption
Published February 7, 2026
Last update February 9, 2026

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7.

Key dates

02Disclosure timeline

February 7, 2026 CVE published
February 9, 2026 Record updated