CVE-2025-55278

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions HCL DevOps Loop (affected versions not specified)

Description The API authentication middleware in HCL DevOps Loop does not properly validate authentication tokens, specifically regarding their expiration and cryptographic signature. This could allow an attacker to use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Verification of Cryptographic Signature

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347CWE-613

Related Identifiers

CVE-2025-55278

Affected Products

Hcl Devops Loop

CVE-2025-55278

Weakness Enumeration

Related Identifiers

Affected Products

References · 4