Unauthorized Database Access in HCL Compass by HCL Technologies
CVE-2025-0280

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 3 September 2025

What is CVE-2025-0280?

A vulnerability in HCL Compass has been identified that allows attackers to gain unauthorized access to the underlying database. This can lead to exposure and manipulation of sensitive data, posing serious risks to data integrity and confidentiality. Admins are advised to assess their environments and take steps to mitigate potential exploitation.

Affected Version(s)

Compass <= 2.2.7

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
