CVE-2025-31991

MEDIUM NVD

CVSS Score 6.8

Severity MEDIUM

Published Apr 13, 2026

Vendor unknown

Description

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130138