Cyber Posture

CVE-2025-55275

Severity: Low
Published: 26 March 2026
Modified: 26 March 2026
KEV Added: not listed
CVSS Score: 3.7 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L)
EPSS Score: 0.0001 (2.3rd percentile)
Risk Priority: 7 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-55275 is a low-severity vulnerability (weakness type unspecified) in Hcltech Aftermarket Cloud. Its CVSS base score is 3.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Token Impersonation/Theft (T1134.001); it is ranked at the 2.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-10 (Concurrent Session Control) and SC-23 (Session Authenticity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Token Impersonation/Theft (T1134.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-10 Concurrent Session Control (prevent): Directly limits concurrent sessions per user or account type, preventing exploitation of admin session concurrency vulnerabilities.

SC-23 Session Authenticity (prevent): Ensures authenticity of communications sessions, mitigating hijacking or impersonation via session manipulation.

Session termination (prevent): Enforces session termination after inactivity or under specific conditions, reducing the window for concurrent session exploits.

MITRE ATT&CK Enterprise Techniques

T1134.001 Token Impersonation/Theft (Stealth): Adversaries may duplicate then impersonate another user's existing token to escalate privileges and bypass access controls.

T1563 Remote Service Session Hijacking (Lateral Movement): Adversaries may take control of preexisting sessions with remote services to move laterally in an environment.

Why these techniques?

The session concurrency flaw directly enables admin impersonation or hijacking through manipulation of shared session state.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.

Deeper analysis

CVE-2025-55275 is an Admin Session Concurrency vulnerability affecting HCL Aftermarket DPC. This flaw allows an attacker to exploit concurrent sessions, enabling them to hijack or impersonate an admin user. The vulnerability is classified under CWE-557 and has a CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L), indicating low severity with primarily confidentiality impacts.

Exploitation requires network access and low privileges (such as an authenticated low-privilege user account), but demands high attack complexity and user interaction. A successful attack could allow the adversary to impersonate an administrator through session manipulation, potentially leading to limited unauthorized access to confidential information without affecting integrity or availability.

The HCL support advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793 provides details on mitigation and patches for this vulnerability. Security practitioners should consult this resource for specific remediation steps applicable to affected HCL Aftermarket DPC deployments.

Details

CWE(s): none listed

Affected Products: hcltech aftermarket cloud 1.0.0

CVEs Like This One

CVE-2025-55267 (same product: Hcltech Aftermarket Cloud)
CVE-2025-55262 (same product: Hcltech Aftermarket Cloud)
CVE-2025-55270 (same product: Hcltech Aftermarket Cloud)
CVE-2025-55265 (same product: Hcltech Aftermarket Cloud)
CVE-2025-55271 (same product: Hcltech Aftermarket Cloud)
CVE-2025-55261 (same product: Hcltech Aftermarket Cloud)
CVE-2025-55269 (same product: Hcltech Aftermarket Cloud)
CVE-2025-55263 (same product: Hcltech Aftermarket Cloud)
CVE-2025-52636 (same vendor: Hcltech)
CVE-2024-30150 (same vendor: Hcltech)