Brute-Force Attack Vulnerability in HCL DevOps Velocity
CVE-2025-31991

6.8 MEDIUM

Key Information:

CVE Published: 13 April 2026

What is CVE-2025-31991?

A vulnerability in HCL DevOps Velocity allows attackers to bypass rate limiting on user login attempts, exposing the system to brute-force attacks. This oversight permits an unlimited number of login attempts, undermining the integrity of user authentication. The issue was identified in versions prior to 5.1.7 and can lead to unauthorized access if not addressed. Users are advised to update to the latest version to safeguard their applications against potential security breaches.

Affected Version(s)

Velocity < 5.1.7

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
