CVE-2025-62327 - Vulnerability Details - OpenCVE

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltech Subscribe	Devops Deploy Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Hcltech Subscribe	Devops Deploy Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127336

History

Thu, 08 Jan 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltech Hcltech devops Deploy
Vendors & Products		Hcltech Hcltech devops Deploy

Wed, 07 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 07 Jan 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
Title		HCL DevOps Deploy is susceptible to insufficiently protected credentials
Weaknesses		CWE-522
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127336
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2026-01-07T15:17:32.375Z

Updated: 2026-01-07T15:26:29.105Z

Reserved: 2025-10-10T09:04:19.899Z

Link: CVE-2025-62327

Vulnrichment

Updated: 2026-01-07T15:26:22.036Z

NVD

Status : Awaiting Analysis

Published: 2026-01-07T16:15:50.877

Modified: 2026-01-08T18:08:54.147

Link: CVE-2025-62327

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-01-08T09:48:26Z

Weaknesses

CWE-522

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62327", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-10-10T09:04:19.899Z", "datePublished": "2026-01-07T15:17:32.375Z", "dateUpdated": "2026-01-07T15:26:29.105Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DevOps Deploy", "vendor": "HCLSoftware", "versions": [{"status": "affected", "version": "8.1 - 8.1.2.3"}]}], "datePublic": "2026-01-07T15:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.<br>"}], "value": "In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-01-07T15:17:32.375Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127336"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL DevOps Deploy is susceptible to insufficiently protected credentials", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-07T15:25:50.720645Z", "id": "CVE-2025-62327", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T15:26:29.105Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62327", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-07T15:25:50.720645Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T15:26:22.036Z"}}], "cna": {"title": "HCL DevOps Deploy is susceptible to insufficiently protected credentials", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCLSoftware", "product": "DevOps Deploy", "versions": [{"status": "affected", "version": "8.1 - 8.1.2.3"}], "defaultStatus": "unaffected"}], "datePublic": "2026-01-07T15:16:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127336"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.", "supportingMedia": [{"type": "text/html", "value": "In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-01-07T15:17:32.375Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62327", "state": "PUBLISHED", "dateUpdated": "2026-01-07T15:26:29.105Z", "dateReserved": "2025-10-10T09:04:19.899Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-01-07T15:17:32.375Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}