Improper Invalidation of Access Token in HCL IEM
CVE-2025-0249

3.3LOW

Key Information:

Vendor: HCL Software Software
Status: Iem
Vendor: CVE Published:; 25 July 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-0249?

HCL IEM is susceptible to a vulnerability that arises from the improper invalidation of access tokens, specifically JSON Web Tokens (JWTs). This flaw can be exploited by attackers to gain unauthorized access to sensitive data, as tokens may remain valid even after they should be revoked. Organizations using HCL IEM should review their token management strategies to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IEM 1.2

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Jan 6, 2025

JSON

HCL Software Software