CVE-2025-31991
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
In HCL DevOps Velocity, the rate limiting mechanism for login attempts is not properly enforced, allowing brute-force attacks after exceeding the unsuccessful login attempt limit. This vulnerability is fixed in version 5.1.7.
Risk Assessment
The organization is at risk of user account compromise through brute-force attacks, potentially leading to unauthorized access to sensitive data and systems.
Recommendation
Immediately upgrade HCL DevOps Velocity to version 5.1.7 or later, which includes the fix for this vulnerability.
Original NVD description (English source)
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7.

