Skip to main content

API CVE-2025-31990

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-02-07 psirt@hcl.com
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 07, 2026 - 04:15 nvd
MEDIUM 6.8

DescriptionCVE.org

Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7.

AnalysisAI

Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. [CVSS 6.8 MEDIUM]

Technical ContextAI

This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7.

Affected ProductsAI

Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overw

RemediationAI

Fixed in version 5.1.7.. Restrict network access to the affected service where possible.

Share

CVE-2025-31990 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy