CVE-2025-0272

HIGH EPSS 12.2%

Published Apr 3, 20251y ago · Modified Jun 17, 20261w ago

7.6 CVSS 3.1

High

Published Apr 3, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CVSS Details

Base Score

7.6

Exploitability

2.3

Impact

4.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality High

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

12.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection

CWE-80

Affected Products 6

Vendor	Product	Version	Range
hcltechsw	hcl_devops_deploy	*	≥8.0.0.0 – <8.0.1.5
hcltechsw	hcl_devops_deploy	*	≥8.1.0 – <8.1.0.1
hcltechsw	hcl_launch	*	≥7.0.0.0 – ≤7.0.5.26
hcltechsw	hcl_launch	*	≥7.1.0.0 – <7.1.2.22
hcltechsw	hcl_launch	*	≥7.2.0.0 – <7.2.3.15
hcltechsw	hcl_launch	*	≥7.3.0.0 – ≤7.3.2.9

References 1

support.hcl-software.com https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120137

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.