Cleartext Transmission Vulnerability in HCL DevOps Deploy
CVE-2025-62330

5.9MEDIUM

Key Information:

Vendor: HCL Software Software
Status: Devops Deploy
Vendor: CVE Published:; 16 December 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-62330?

HCL DevOps Deploy poses a security risk due to its failure to redirect HTTP connections to HTTPS, leaving sensitive information transmitted over the network in clear text. This vulnerability allows attackers with network access to potentially intercept or alter user credentials and session-related data. Organizations using this product are advised to address this vulnerability promptly to safeguard sensitive information against passive observations and man-in-the-middle attacks.

Affected Version(s)

DevOps Deploy 8.1 - 8.1.2.3

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Oct 10, 2025

JSON