Aion
by HCLTech
CVEs (41)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55249 | Low | 0.23 | 3.5 | 0.00 | Jan 19, 2026 | HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks. | ||
| CVE-2025-52642 | Low | 0.21 | 3.3 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information… | ||
| CVE-2025-62312 | Low | 0.20 | 3.0 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices. | ||
| CVE-2025-52633 | Low | 0.20 | 3.1 | 0.00 | Feb 3, 2026 | HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0. | ||
| CVE-2025-55252 | Low | 0.20 | 3.1 | 0.00 | Jan 19, 2026 | HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access | ||
| CVE-2025-55251 | Low | 0.20 | 3.1 | 0.00 | Jan 19, 2026 | HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | ||
| CVE-2025-52641 | Low | 0.19 | 2.9 | 0.00 | Apr 15, 2026 | HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited… | ||
| CVE-2025-52660 | Low | 0.18 | 2.7 | 0.00 | Jan 19, 2026 | HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | ||
| CVE-2025-52659 | Low | 0.18 | 2.8 | 0.00 | Jan 19, 2026 | HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure. | ||
| CVE-2025-62317 | Low | 0.17 | 2.6 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain… | ||
| CVE-2025-62309 | Low | 0.17 | 2.6 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions. | ||
| CVE-2025-52661 | Low | 0.16 | 2.4 | 0.00 | Jan 19, 2026 | HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised. | ||
| CVE-2025-62316 | Low | 0.15 | 2.3 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under… | ||
| CVE-2025-52646 | Low | 0.14 | 2.2 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information… | ||
| CVE-2025-52649 | Low | 0.12 | 1.8 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific… | ||
| CVE-2025-52645 | Low | 0.12 | 1.9 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or… | ||
| CVE-2025-52636 | Low | 0.12 | 1.8 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain… | ||
| CVE-2025-55250 | Low | 0.12 | 1.8 | 0.00 | Jan 19, 2026 | HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks. | ||
| CVE-2025-52648 | 0.00 | — | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system | |||
| CVE-2025-52638 | 0.00 | — | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning… |
- risk 0.23cvss 3.5epss 0.00
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks.
- risk 0.21cvss 3.3epss 0.00
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information…
- risk 0.20cvss 3.0epss 0.00
HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices.
- risk 0.20cvss 3.1epss 0.00
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.
- risk 0.20cvss 3.1epss 0.00
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access
- risk 0.20cvss 3.1epss 0.00
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
- risk 0.19cvss 2.9epss 0.00
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited…
- risk 0.18cvss 2.7epss 0.00
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
- risk 0.18cvss 2.8epss 0.00
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.
- risk 0.17cvss 2.6epss 0.00
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain…
- risk 0.17cvss 2.6epss 0.00
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions.
- risk 0.16cvss 2.4epss 0.00
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
- risk 0.15cvss 2.3epss 0.00
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under…
- risk 0.14cvss 2.2epss 0.00
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information…
- risk 0.12cvss 1.8epss 0.00
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific…
- risk 0.12cvss 1.9epss 0.00
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or…
- risk 0.12cvss 1.8epss 0.00
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain…
- risk 0.12cvss 1.8epss 0.00
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.
- CVE-2025-52648Mar 16, 2026risk 0.00cvss —epss 0.00
HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system
- CVE-2025-52638Mar 16, 2026risk 0.00cvss —epss 0.00
HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning…
Page 2 of 3