CVE-2025-62309
published 2026-05-14CVE-2025-62309: HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be…
PriorityP410low2.6CVSS 3.1
AVAACHPRLUIRSCCLINAN
EPSS
0.11%
1.9th percentile
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hcl | aion | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
HCL AION 2.1.0 insertion of sensitive information into sent data (KB0130636)
vuldb·2026-05-14·CVSS 2.6
CVE-2025-62309 [LOW] HCL AION 2.1.0 insertion of sensitive information into sent data (KB0130636)
A vulnerability was found in HCL AION 2.1.0. It has been declared as problematic. This impacts an unknown function. Executing a manipulation can lead to insertion of sensitive information into sent data.
This vulnerability is tracked as CVE-2025-62309. The attack is only possible within the local network. No exploit exists.
GHSA
GHSA-g36x-vg49-93vr: HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields
ghsa_unreviewed·2026-05-14
CVE-2025-62309 [LOW] CWE-201 GHSA-g36x-vg49-93vr: HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-14
Published