Remote Command Execution Vulnerability in HCL DevOps Deploy by HCL
CVE-2025-0255

7.2HIGH

Key Information:

Vendor: HCL Software Software
Status: HCL Software Devops Deploy / HCL Software Launch
Vendor: CVE Published:; 24 March 2025

Summary

A security flaw in HCL DevOps Deploy and HCL Launch allows a remote privileged authenticated attacker to execute arbitrary commands on the system. This vulnerability arises from the handling of specially crafted input that includes specific elements that can manipulate the system's execution flow, posing a significant risk to the integrity and security of the affected environments.

Affected Version(s)

HCL DevOps Deploy / HCL Launch 7.0 - 7.0.5.25; 7.1 - 7.1.2.21; 7.2 - 7.2.3.14; 7.3 - 7.3.2.9; 8.0 - 8.0.1.4; 8.1.0.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 24, 2025
Vulnerability Reserved
Jan 6, 2025