CVE Catalog
CVE-2025-63402
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk0.32%
24th percentile - higher than 24% of all known CVEs
Summary
A vulnerability in HCLTech GRAGON before version 7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests.
Risk Assessment
An attacker can exploit this vulnerability to take control of the system, leading to a breach of confidentiality, integrity, and availability of organizational data.
Recommendation
Immediately update HCLTech GRAGON to version 7.6.0 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests

