CVE Catalog

CVE-2025-63402

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile - higher than 24% of all known CVEs

Summary

A vulnerability in HCLTech GRAGON before version 7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests.

Risk Assessment

An attacker can exploit this vulnerability to take control of the system, leading to a breach of confidentiality, integrity, and availability of organizational data.

Recommendation

Immediately update HCLTech GRAGON to version 7.6.0 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests

Vulnerability data from NVD (NIST) · CISA KEV · EPSS