HCL Aftermarket DPC Missing Access Control Vulnerability (CVE-2025-55261)
A missing functional level access control vulnerability in HCL Aftermarket DPC (CVE-2025-55261) allows an attacker to escalate privileges, potentially compromising the application and leading to data theft or manipulation.
CVE-2025-55261 describes a critical vulnerability affecting HCL Aftermarket DPC. The vulnerability stems from a missing functional level access control, enabling an attacker to escalate their privileges within the application. This escalation could lead to a full compromise of the HCL Aftermarket DPC system. This vulnerability was published on March 26, 2026, and poses a significant risk to organizations utilizing the affected software. Successful exploitation could result in unauthorized…
Detection coverage: 2
Detect Suspicious HCL DPC Access Attempts
Severity: high. Detects attempts to access sensitive HCL DPC resources without proper authorization based on HTTP response codes.
Detect HCL DPC Configuration Changes via Web Request
Severity: medium. Detects suspicious web requests attempting to modify HCL DPC configurations, potentially indicating privilege escalation.
Indicators of compromise: 1