{"cve_id":"CVE-2025-55264","summary":"HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00031,"ranking_epss":0.08904,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793"],"published_time":"2026-03-26T14:16:08","cpes":["cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0"]}