Medium severity6.8NVD Advisory· Published Feb 7, 2026· Updated Apr 15, 2026
CVE-2025-31990
CVE-2025-31990
Description
Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7.
Affected products
1- Range: <5.1.7
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.