CVE-2025-62329

MEDIUM EPSS 5.6%

Published Dec 16, 20256mo ago · Modified Jun 17, 20261w ago

5.6 CVSS 3.1

Medium

Published Dec 16, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.

CVSS Details

Base Score

5.6

Exploitability

2.2

Impact

3.4

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

5.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-613

Affected Products 3

Vendor	Product	Version	Range
hcltechsw	hcl_devops_deploy	*	≥8.0.0.0 – <8.0.1.11
hcltechsw	hcl_devops_deploy	*	≥8.1.0 – <8.1.2.4
hcltechsw	hcl_launch	*	≥7.3.0.0 – <7.3.2.16

References 1

support.hcl-software.com https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.