CVE-2025-55265 MEDIUM

CVE-2025-55265: HCL Aftermarket DPC is affected by File Discovery

Vendor Hcl

Product Aftermarket DPC

Weakness CWE-200 · Info exposure

Published March 26, 2026

Last update March 26, 2026

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks.

Key dates

02Disclosure timeline

March 26, 2026 CVE published

March 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-55265 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns CVE-2023-41354 Chunghwa Telecom NOKIA G-040W-Q - Exposure of Sensitive Information CVE-2024-33575 WordPress User Meta plugin <= 3.0 - Sensitive Data Exposure vulnerability CVE-2026-47165 ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model CVE-2023-38494 The cloud version of the MeterSphere interface leaks some sensitive data without authentication