CNNVD-202512-3195 Information

Dec 17, 2025 cve

CNNVD ID

CNNVD-202512-3195

CVE-2025-55254

CNNVD Published: 2025-12-17

Description (Chinese)

HCL Launch和HCL DevOps Deploy都是印度HCL公司的产品。HCL Launch是一款多功能的企业级持续交付自动化软件。用于处理 DevOps 中最复杂的部署流程。HCL DevOps Deploy是一款应用程序。可以使用灵活的基于团队和基于角色的安全模型，映射到您的组织结构。 HCL Launch和HCL DevOps Deploy存在安全漏洞，该漏洞源于路径相关样式表导入管理不当，可能导致执行恶意代码。

Description (English)

HCL Launch and HCL DevOps Deploy are products of HCL India. HCL Launch is a multifunctional enterprise-level, continuous delivery automation software. For the most complex deployment process in DevOps. HCL DevOps Deploy is an application. A flexible team- and role-based security model can be used to map your organizational structure. There is a security loophole between HCL Launch and HCL DevOps Deploy, which stems from inappropriate management of the import of routing-related stylesheets, which may lead to the implementation of malicious codes.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

HCL

Published

2025-12-17

Last Modified

2026-02-24

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332

Patch

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127332

Share on: