Description
HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks.
Published: 2026-03-26
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Breach
Action: Patch
AI Analysis

Impact

HCL Aftermarket Discrete Production Console (DPC) contains a file discovery flaw that enables an attacker to read arbitrary files stored on the system. The vulnerability is classified as a data exposure weakness, allowing a malicious actor to access sensitive files that may contain credentials, configuration data, or other confidential information. Once files are exposed, the adversary may leverage the retrieved data to orchestrate further attacks against the system or its network.

Affected Systems

The affected product is HCL Aftermarket DPC, version 1.0.0 as indicated by the corresponding CPE string. Systems running this version are susceptible to the file discovery issue.

Risk and Exploitability

The CVSS score of 6.5 reflects a medium severity impact, and the EPSS score is currently unavailable. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires an authenticated session or local access to the DPC application; it may also be achievable remotely if the application exposes an interface that accepts file paths as input.

Generated by OpenCVE AI on March 26, 2026 at 21:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review the HCL support article KB0129793 for the latest patch or guidance on addressing the file discovery flaw.
  • Apply the recommended patch or upgrade the Aftermarket DPC instance to the most recent release that mitigates this vulnerability.
  • Verify that the application no longer allows arbitrary file reads and monitor for related security events.

Generated by OpenCVE AI on March 26, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aftermarket Dpc
Vendors & Products Hcl
Hcl aftermarket Dpc

Thu, 26 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aftermarket Cloud
CPEs cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*
Vendors & Products Hcltech
Hcltech aftermarket Cloud

Thu, 26 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks.
Title HCL Aftermarket DPC is affected by File Discovery
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Hcl Aftermarket Dpc
Hcltech Aftermarket Cloud
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T15:00:52.875Z

Reserved: 2025-08-12T06:59:56.644Z

Link: CVE-2025-55265

cve-icon Vulnrichment

Updated: 2026-03-26T13:39:10.031Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T13:16:25.630

Modified: 2026-03-26T20:16:44.820

Link: CVE-2025-55265

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:28:26Z

Weaknesses