Unauthorized Database Access in HCL Compass by HCL Technologies
CVE-2025-0280

7.5HIGH

Key Information:

Vendor: HCL Software Software
Status: Compass
Vendor: CVE Published:; 3 September 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-0280?

A vulnerability in HCL Compass has been identified that allows attackers to gain unauthorized access to the underlying database. This can lead to exposure and manipulation of sensitive data, posing serious risks to data integrity and confidentiality. Admins are advised to assess their environments and take steps to mitigate potential exploitation.

Affected Version(s)

Compass <= 2.2.7

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Jan 6, 2025