Authentication Vulnerability in HCL DevOps Loop Middleware
CVE-2025-55278

8.1 HIGH

Key Information:

Vendor
CVE Published: 5 November 2025

What is CVE-2025-55278?

The authentication middleware in HCL DevOps Loop improperly handles API authentication tokens. The flaw lets the system accept tokens without properly validating their expiration date or cryptographic signature. An adversary could exploit this to use expired or manipulated tokens, leading to unauthorized access to sensitive resources and the ability to carry out actions with elevated privileges. Users of HCL DevOps Loop should be aware of this security risk and follow best practices for API security and token management.
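The two checks named above, written out as an added example (not HCL's code or token format). It assumes a constructed token layout of `b64url(JSON claims).b64url(HMAC-SHA256 tag)` and a sample key, and shows a validator that refuses any token whose signature or `exp` claim does not verify.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: shared HMAC key, sample value only

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes = KEY) -> str:
    """Build a token in the assumed layout: b64url(claims).b64url(HMAC tag)."""
    body = b64e(json.dumps(claims, separators=(",", ":")).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(tag)

def verify(token: str, key: bytes = KEY, now=None) -> dict:
    """Return the claims only if signature and expiry both hold; raise otherwise."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        given = b64d(sig)
    except ValueError:  # wrong number of parts, or undecodable base64
        raise ValueError("malformed token") from None
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    # Signature is checked first, in constant time, before any claim is parsed.
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    # A missing or non-numeric exp is rejected rather than read as "never expires".
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("missing exp")
    if now >= exp:
        raise ValueError("expired")
    return claims
```
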

Affected Version(s)

DevOps Loop 1.0.2

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
