Low
CVSS 3.3
Overview
HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token was not invalidated which may allow attackers to access sensitive data without authorization.
CVE-2025-0249
HCL IEM is affected by an improper invalidation of access or JWT token vulnerabi...
Risk analysis
This vulnerability is rated 🟢 LOW.
- CVSS: 3.3 (LOW)
- Detected tags: jwt, unauth_access (tag impact: HIGH)
Recommended actions:
- Use strong algorithms (HS256/RS256), rotate secrets, short expiries.
- Enforce authentication/authorization; reduce default endpoint exposure.