CVE-2025-55263
Published: 26 March 2026
Summary
CVE-2025-55263 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Hcltech Aftermarket Cloud. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). The CVE ranks at the 12.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 mandates timely flaw remediation, directly addressing the hardcoded sensitive data in HCL Aftermarket DPC via vendor patches or code fixes as detailed in the HCL advisory.
RA-5 requires vulnerability scanning that identifies CVE-2025-55263 and CWE-798 hardcoded secrets in software components.
SA-15 enforces secure development processes, standards, and tools like static analysis to prevent embedding sensitive data in source code.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hardcoded secrets in source code directly expose credentials in files (T1552.001), enabling retrieval and subsequent use for unauthorized access.
NVD Description
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets.
Deeper analysis
CVE-2025-55263 is a Hardcoded Sensitive Data vulnerability (CWE-798) affecting HCL Aftermarket DPC. The issue involves sensitive data embedded directly in the software's source code, which, if stored in insecure repositories, enables attackers to access these hardcoded secrets. Published on 2026-03-26, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H), indicating high severity due to significant confidentiality and availability impacts.
An attacker with low privileges (PR:L) can exploit this over the network (AV:N) with low complexity (AC:L), but it requires user interaction (UI:R), such as clicking a malicious link or opening a file. Successful exploitation allows the attacker to retrieve hardcoded secrets from the source code or insecure repositories, potentially leading to unauthorized access to sensitive information, system compromise, or further attacks leveraging those credentials.
The HCL advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793 provides details on mitigation, likely including patches or remediation steps for HCL Aftermarket DPC.
Details
- CWE(s)