Unrated severityNVD Advisory· Published Dec 3, 2025· Updated Dec 3, 2025

CVE-2025-63401

Description

Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives

Affected products

HCL TECH DRAGON/Hcltech Dragoninferred2 versions
<7.6.0+ 1 more
- (no CPE)range: <7.6.0
- (no CPE)range: <7.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hcl.commitre
hcltech.commitre
excalibur-hcl.my.salesforce.com/sfc/p/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000