CVE-2025-0256

Published: Mar 24, 2025Modified: Apr 11, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

Affected (6)

Products: Hcltechsw: Hcl Devops Deploy, Hcl Launch

Hcltechsw

2 products

Hcl Devops Deploy

Hcl Launch

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Hcltechsw Hcl Devops Deploy	From 8.0.0.0 to 8.0.1.5
Hcltechsw Hcl Devops Deploy	Version 8.1.0
Hcltechsw Hcl Launch	From 7.0.0.0 to 7.0.5.26
Hcltechsw Hcl Launch	From 7.1.0.0 to 7.1.2.22
Hcltechsw Hcl Launch	From 7.2.0.0 to 7.2.3.15
Hcltechsw Hcl Launch	From 7.3.0.0 to 7.3.2.10

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119059

Source: psirt@hcl.com

Vendor Advisory

Timeline

No history available yet.