We don’t use HCM but I just got an alert so figured I’d put it here.
Epicor KB link in the email is EpicCare Login - EpicCare
Text as follows (hopefully not against the rules to copy it in):
A SQL injection vulnerability has been discovered in Epicor HCM. CVE-2025-22953 has been published to document the issue. A recent HCM patch includes a fix for this issue.
For current versions of the system 5.16-5.18, we are providing standard patches:
** 5.16.0.1033/HCM2022*
** 5.17.0.1146/HCM2023*
** 5.18.0.573/HCM2024*
Epicor is providing patches for versions 5.7.1-5.15 for the security issue. All the patches are cumulative.