CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
Description (NVD)
HCL Aftermarket DPC is affected by a spamming vulnerability: an actor's excessive spamming can consume server bandwidth and processing resources, which may lead to denial of service.
Analysis (AI)
HCL Aftermarket DPC version 1.0.0 is vulnerable to excessive spamming that consumes server bandwidth and processing resources, potentially causing denial of service to legitimate users. The vulnerability requires user interaction (UI:R per CVSS vector) and is remotely exploitable without authentication, resulting in partial availability impact. No public exploit code or active exploitation has been identified at time of analysis, though the low barrier to exploitation (AC:L) makes this a practical attack vector for resource exhaustion.
Technical Context (AI)
CVE-2025-55268 is classified under CWE-799 (Improper Control of Interaction Frequency), which describes inadequate rate limiting or request throttling mechanisms. HCL Aftermarket DPC (CPE: cpe:2.3:a:hcl:aftermarket_dpc:*:*:*:*:*:*:*:*) lacks sufficient input validation or request filtering to prevent an attacker from flooding the application with repeated requests. The vulnerability stems from missing or insufficient anti-spam controls that would normally enforce per-user or per-IP request quotas, connection limits, or CAPTCHA challenges. The root cause is not a flaw in an underlying library but rather incomplete implementation of resource protection mechanisms in the application's request handling layer.
Remediation (AI)
HCL customers should consult the official vendor advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793 for patch availability and recommended upgrade versions. Until a patched version is deployed, implement compensating controls: configure rate limiting at the network or load balancer level to restrict requests per source IP or user session, deploy Web Application Firewall (WAF) rules to detect and block spamming patterns, enforce request throttling with exponential backoff for repeated submissions from the same source, and monitor server resource utilization and request logs for anomalies indicating attack activity. If the application is exposed to untrusted networks, consider restricting access via IP allowlisting or VPN until patching is complete.
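The compensating control described above (per-source request quotas with exponential backoff for repeated submissions, the control CWE-799 says is missing) is easier to reason about with a concrete implementation. The following is example code added here for illustration; it is not HCL's product code and not taken from the vendor advisory. It assumes a sliding-window limiter keyed by source address or session id, and the limits, source addresses and request timings in the simulation are constructed for the demonstration.

```python
"""Per-source request throttling with exponential backoff (CWE-799 mitigation).

Example code written for this page, not HCL Aftermarket DPC's own code. The
quota values, the two source addresses and the request timestamps in
simulate_flood() are all constructed for the demonstration.
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SourceState:
    """Bookkeeping for one source (client IP or session id)."""
    window: deque = field(default_factory=deque)  # timestamps of accepted requests
    strikes: int = 0                               # consecutive quota violations
    blocked_until: float = 0.0                     # backoff expiry, in seconds
    last_seen: float = 0.0                         # time of the last request, served or not


class RateLimiter:
    """Sliding-window quota per source, with a backoff that doubles per violation.

    max_requests requests are served per window_seconds for each source. The
    first violation blocks the source for base_backoff seconds; each further
    violation doubles the penalty, capped at max_backoff. A source that stays
    quiet for a full window has its strike count forgiven.
    """

    def __init__(self, max_requests=5, window_seconds=10.0,
                 base_backoff=5.0, max_backoff=300.0):
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self.base_backoff = base_backoff
        self.max_backoff = max_backoff
        self.sources = {}

    def allow(self, source, now):
        """Return True if the request from `source` at time `now` should be served."""
        state = self.sources.setdefault(source, SourceState())

        # Forgive strikes only after a full quiet window; a source that keeps
        # hammering while blocked keeps escalating instead.
        if state.strikes and now - state.last_seen >= self.window_seconds:
            state.strikes = 0
        state.last_seen = now

        # Still serving a backoff penalty: reject without touching the window.
        if now < state.blocked_until:
            return False

        # Drop accepted-request timestamps that have aged out of the window.
        while state.window and now - state.window[0] >= self.window_seconds:
            state.window.popleft()

        if len(state.window) >= self.max_requests:
            # Quota exhausted: block for base_backoff * 2**strikes seconds.
            penalty = min(self.base_backoff * (2 ** state.strikes), self.max_backoff)
            state.strikes += 1
            state.blocked_until = now + penalty
            return False

        state.window.append(now)
        return True


def simulate_flood():
    """Run a constructed traffic mix through the limiter.

    A legitimate client sends one request every 3 s for 30 s, while a second
    source floods ten requests per second over the same period. Returns
    {source: (served, rejected)} so the effect of the quota is visible.
    """
    limiter = RateLimiter(max_requests=5, window_seconds=10.0, base_backoff=5.0)
    events = [(t, "10.0.0.5") for t in range(0, 31, 3)]            # constructed: well-behaved
    events += [(i / 10, "203.0.113.9") for i in range(301)]        # constructed: flooding source
    events.sort(key=lambda e: e[0])

    totals = {}
    for now, source in events:
        served, rejected = totals.get(source, (0, 0))
        if limiter.allow(source, float(now)):
            served += 1
        else:
            rejected += 1
        totals[source] = (served, rejected)
    return totals


if __name__ == "__main__":
    for source, (served, rejected) in simulate_flood().items():
        print(f"{source}: served={served} rejected={rejected}")
```

In the simulation the well-behaved client never exceeds four requests in any 10-second window, so all of its requests are served, while the flooding source is served only five requests before each penalty and its backoff grows from 5 s to 10 s to 20 s. In production the per-source state would live in a shared store (so every application node sees the same counters) and the source key should be derived from the real client address rather than a spoofable header.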
EUVD-2025-209059