HCL Aftermarket DPC HTTP Response Splitting for Remote Code Exec
CVE-2025-55271 Published on March 26, 2026

HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability
HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response..

NVD

Vulnerability Analysis

CVE-2025-55271 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is a HTTP Response Splitting Vulnerability?

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

CVE-2025-55271 has been classified to as a HTTP Response Splitting vulnerability or weakness.


Affected Versions

HCL Aftermarket DPC Version version 1.0.0 is affected by CVE-2025-55271

Exploit Probability

EPSS
0.02%
Percentile
6.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.