Velocity

1 CVEs product

Monthly

CVE-2025-31991 MEDIUM This Month

Brute-force attacks against HCL DevOps Velocity user login are possible due to inadequate rate limiting enforcement on failed authentication attempts, allowing attackers with high privileges to bypass the unsuccessful login attempt limit and potentially compromise user accounts. CVSS 6.8 reflects the integrity impact (account compromise) across multiple systems; the vulnerability requires high privileges, limiting opportunistic exploitation. Vendor-released patch: version 5.1.7.

Information Disclosure Velocity
NVD
CVSS 3.1: 6.8
EPSS: 0.0%