HCL Aftermarket DPC Admin Session Concurrency Hijack CVE-2025-55275
CVE-2025-55275 Published on March 26, 2026

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability
HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.

NVD

Vulnerability Analysis

CVE-2025-55275 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
LOW

Weakness Type

Concurrency Issues

Weaknesses in this category are related to concurrent use of shared resources.


Affected Versions

HCL Aftermarket DPC Version version 1.0.0 is affected by CVE-2025-55275

Exploit Probability

EPSS
0.01%
Percentile
2.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.