CVE-2025-55267
CRITICAL WAF: Medium
CVSS 9.8
Published: 2026-03-26
CWE-434
HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hcltech | aftermarket_cloud | 1.0.0 |
References
- support.hcl-software.com (Vendor Advisory)