CVE-2025-55264

Description

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover.

References

• https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793