CVE-2025-31991

Summary

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit.  This vulnerability is fixed in 5.1.7.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareVelocity<.5.1.7affected

Weaknesses

  • CWE-307: CWE-307 Improper restriction of excessive authentication attempts

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References