Denial of Service Vulnerability in HCL Velocity by HCL Technologies
CVE-2025-31990

6.8MEDIUM

Key Information:

Vendor: HCL Softwaresoftware
Status: HCL Software Devops Velocity
Vendor: CVE Published:; 7 February 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2025-31990?

HCL Velocity is susceptible to Denial of Service (DoS) attacks as it lacks proper rate limiting for specific API calls. This oversight allows attackers to inundate the system with excessive requests, potentially overwhelming its resources. As a result, legitimate users may experience service disruptions or unresponsiveness. It is crucial to implement the patch in version 5.1.7 to mitigate this vulnerability.

Affected Version(s)

HCL DevOps Velocity <5.1.7

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2026
Vulnerability Reserved
Apr 1, 2025

CVE-2025-31990 Data

JSON