CVE-2025-55270 LOW

CVE-2025-55270: HCL Aftermarket DPC is affected by Improper Input Validation

Vendor Hcl

Product Aftermarket DPC

Weakness CWE-20 · Input validation

Published March 26, 2026

Last update March 26, 2026

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc.

Key dates

02Disclosure timeline

March 26, 2026 CVE published

March 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-55270

Related vulnerabilities

04Related CVE

CVE-2025-59940 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders CVE-2024-45612 Insert tag injection via canonical URL in Contao CVE-2021-20194 CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter CVE-2024-1359 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console