Race Condition Vulnerability in HCL DevOps Deploy and HCL Launch
CVE-2025-62329

5MEDIUM

Key Information:

Vendor: HCL Software Software
Status: Devops Deploy / Launch
Vendor: CVE Published:; 16 December 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-62329?

HCL DevOps Deploy and HCL Launch are affected by a race condition flaw related to HTTP session client-IP binding enforcement. This vulnerability may allow a session to be reused from a new IP address briefly before the session is invalidated. As a consequence, under specific network conditions, this could lead to unauthorized access, enhancing potential risks if exploited by attackers seeking to manipulate access controls.

Affected Version(s)

DevOps Deploy / Launch 7.3 - 7.3.2.15; 8.0 - 8.0.1.10; 8.1 - 8.1.2.3

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Oct 10, 2025

JSON