Aion
Sign in to watchby HCLTech
CVEs (29)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-52641 | Low | 0.19 | 2.9 | 0.00 | Apr 15, 2026 | HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure. | |
| CVE-2025-52660 | Low | 0.18 | 2.7 | 0.00 | Jan 19, 2026 | HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | |
| CVE-2025-52659 | Low | 0.18 | 2.8 | 0.00 | Jan 19, 2026 | HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure. | |
| CVE-2025-52661 | Low | 0.16 | 2.4 | 0.00 | Jan 19, 2026 | HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised. | |
| CVE-2025-52646 | Low | 0.14 | 2.2 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | |
| CVE-2025-52649 | Low | 0.12 | 1.8 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions. | |
| CVE-2025-52645 | Low | 0.12 | 1.9 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour. | |
| CVE-2025-52636 | Low | 0.12 | 1.8 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios. | |
| CVE-2025-55250 | Low | 0.12 | 1.8 | 0.00 | Jan 19, 2026 | HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks. |
Page 2 of 2