CVE-2025-0257

Published: Apr 2, 2025Modified: Apr 10, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

Affected (5)

Products: Hcltechsw: Hcl Devops Deploy, Hcl Launch

Hcltechsw

2 products

Hcl Devops Deploy

Hcl Launch

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hcltechsw Hcl Devops Deploy	From 8.0.0.0 to 8.0.1.6
Hcltechsw Hcl Devops Deploy	From 8.1.0 to 8.1.1
Hcltechsw Hcl Launch	From 7.1.0.0 to 7.1.2.23
Hcltechsw Hcl Launch	From 7.2.0.0 to 7.2.3.16
Hcltechsw Hcl Launch	From 7.3.0.0 to 7.3.2.11

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119061

Source: psirt@hcl.com

Vendor Advisory

Timeline

No history available yet.