cbcvebase.
CVE-2025-52628
published 2026-02-03

CVE-2025-52628: HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests…

PriorityP342high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
0.19%
8.9th percentile
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.

Affected

2 ranges
VendorProductVersion rangeFixed in
hclaion
hcltechaion
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.