CVE-2025-62311
published 2026-05-14CVE-2025-62311: HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to…
PriorityP419medium4.3CVSS 3.1
AVAACHPRLUIRSUCLILAL
EPSS
0.08%
0.3th percentile
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hcl | aion | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
HCL AION 2.1.0 Backend Service cleartext transmission (KB0130636)
vuldb·2026-05-14·CVSS 4.3
CVE-2025-62311 [MEDIUM] HCL AION 2.1.0 Backend Service cleartext transmission (KB0130636)
A vulnerability was found in HCL AION 2.1.0. It has been rated as problematic. The impacted element is an unknown function of the component Backend Service. Performing a manipulation results in cleartext transmission of sensitive information.
This vulnerability is cataloged as CVE-2025-62311. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
GHSA-rm7f-v2gq-q2mw: HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels
ghsa_unreviewed·2026-05-14
CVE-2025-62311 [MEDIUM] CWE-319 GHSA-rm7f-v2gq-q2mw: HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-14
Published