Credential Exposure in HCL DevOps Deploy by HCL Technologies
CVE-2025-62327

4.9MEDIUM

Key Information:

Vendor: HCL Softwaresoftware
Status: Devops Deploy
Vendor: CVE Published:; 7 January 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2025-62327?

In HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3, users with limited configuration management privileges can potentially recover previously saved credentials used for authenticated LLM queries. This issue raises concerns about sensitive credential leakage, which may lead to unauthorized access and compromise of sensitive data.

Affected Version(s)

DevOps Deploy 8.1 - 8.1.2.3

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2026
Vulnerability Reserved
Oct 10, 2025

CVE-2025-62327 Data

JSON