CVE-2025-31991 | THREATINT

Description

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7.

PUBLISHED Reserved 2025-04-01 | Published 2026-04-13 | Updated 2026-04-13 | Assigner HCL

MEDIUM: 6.8CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Problem types

CWE-307 Improper restriction of excessive authentication attempts

Product status

Default status

unaffected

<.5.1.7

affected

References

support.hcl-software.com/...rticle&sysparm_article=KB0130138

cve.org (CVE-2025-31991)

nvd.nist.gov (CVE-2025-31991)

Download JSON