CVE-2025-63402

5.5 MEDIUM

📋 TL;DR

This vulnerability in HCLTech GRAGON allows remote attackers to execute arbitrary code by exploiting APIs that do not enforce limits on request size or on the number of requests. It affects all systems running HCLTech GRAGON versions before 7.6.0. Attackers can potentially take full control of affected systems.

💻 Affected Systems

Products:
  • HCLTech GRAGON
Versions: All versions before 7.6.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with remote code execution leading to data theft, ransomware deployment, or lateral movement across the network.

🟠 Likely Case: Service disruption, data manipulation, or installation of backdoors for persistent access.

🟢 If Mitigated: Limited impact with proper network segmentation and API rate limiting in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability description suggests exploitation is straightforward via API requests without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.6.0

Vendor Advisory: https://excalibur-hcl.my.salesforce.com/sfc/p/#U0000000YO14/a/Pf000003dyVd/ckzaFpdm68dwd1nWqgtLfXHp3Pim_YwLUI4WcRB__Ng

Restart Required: Yes

Instructions:

1. Download HCLTech GRAGON version 7.6.0 from official HCL sources.
2. Back up the current configuration and data.
3. Stop the GRAGON service.
4. Install the updated version.
5. Restart the service.
6. Verify functionality.

🔧 Temporary Workarounds

Implement API Rate Limiting
Applies to: all

Configure a web application firewall or reverse proxy to limit request size and rate for GRAGON APIs.

Network Segmentation
Applies to: all

Restrict network access to GRAGON APIs to trusted internal networks only.

🧯 If You Can't Patch

  • Isolate the GRAGON system from internet access and restrict to internal network only.
  • Implement strict API monitoring and alerting for abnormal request patterns.

🔍 How to Verify

Check if Vulnerable:

Check the GRAGON version via the admin interface or configuration files. If the version is below 7.6.0, the system is vulnerable.

Check Version:

Check GRAGON admin console or configuration files for version information.

Verify Fix Applied:

Confirm the installed version is 7.6.0 or higher through the admin interface or version command.

📡 Detection & Monitoring

Log Indicators:

  • Unusually large API requests
  • High frequency of API calls from single sources
  • Error logs showing request size limit violations

Network Indicators:

  • Abnormal traffic patterns to GRAGON API endpoints
  • Large payloads sent to GRAGON services

SIEM Query:

source="gragon" AND (request_size>1000000 OR request_count>1000)
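As an added example (not part of this advisory or of any HCL tooling), the two conditions of the SIEM query above applied offline to constructed sample log lines. The log format (`<epoch> <src_ip> <method> <path> size=<bytes>`), the `/api/` path prefix and the 60-second counting window are assumptions; the size and count thresholds are the query's own.

```python
import re
from collections import defaultdict, deque

# Thresholds taken from the advisory's SIEM query; the window length is an assumption.
MAX_REQUEST_BYTES = 1_000_000
MAX_REQUESTS_PER_WINDOW = 1000
WINDOW_SECONDS = 60

# Assumed log line format (constructed for this example, not GRAGON's real format).
LOG_RE = re.compile(r"^(?P<ts>\d+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) size=(?P<size>\d+)$")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": int(m["ts"]), "src": m["src"], "path": m["path"], "size": int(m["size"])}


def analyze(lines):
    """Return (oversized_requests, flooding_sources) for API requests in the given lines."""
    oversized = []                 # (src, path, size) for bodies over MAX_REQUEST_BYTES
    flooding = set()               # sources exceeding MAX_REQUESTS_PER_WINDOW in the window
    recent = defaultdict(deque)    # per-source timestamps inside the sliding window
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith("/api/"):
            continue               # ignore malformed lines and non-API paths
        if rec["size"] > MAX_REQUEST_BYTES:
            oversized.append((rec["src"], rec["path"], rec["size"]))
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > WINDOW_SECONDS:
            q.popleft()            # drop timestamps that fell out of the window
        if len(q) > MAX_REQUESTS_PER_WINDOW:
            flooding.add(rec["src"])
    return oversized, sorted(flooding)


def build_sample_logs():
    """Constructed sample: one oversized API body, one flooding source, benign traffic."""
    base = 1_700_000_000
    lines = [
        f"{base} 10.0.0.5 GET /api/status size=120",
        f"{base + 1} 10.0.0.7 POST /api/import size=2500000",      # oversized body
        f"{base + 2} 10.0.0.5 POST /api/jobs size=900",
        f"{base + 3} 10.0.0.9 POST /static/logo.png size=3000000",  # large, but not an API path
    ]
    # 1001 calls from one source spread over ~20 s, i.e. inside a single 60 s window
    lines += [f"{base + 10 + i // 50} 192.0.2.44 POST /api/jobs size=300" for i in range(1001)]
    return lines


if __name__ == "__main__":
    print(analyze(build_sample_logs()))
```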
