High severity8.1NVD Advisory· Published Nov 5, 2025· Updated Apr 15, 2026
CVE-2025-55278
CVE-2025-55278
Description
Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.