CVE-2025-62313
published 2026-05-14CVE-2025-62313: HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication…
PriorityP425medium5.4CVSS 3.1
AVAACLPRNUINSUCNILAL
EPSS
0.18%
7.2th percentile
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hcl | aion | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j49v-863r-6fh8: HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced
ghsa_unreviewed·2026-05-14
CVE-2025-62313 [MEDIUM] CWE-307 GHSA-j49v-863r-6fh8: HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.
VulDB
HCL AION 2.1.0 excessive authentication (KB0130636)
vuldb·2026-05-14·CVSS 5.4
CVE-2025-62313 [MEDIUM] HCL AION 2.1.0 excessive authentication (KB0130636)
A vulnerability described as problematic has been identified in HCL AION 2.1.0. Affected by this issue is some unknown functionality. Such manipulation leads to improper restriction of excessive authentication attempts.
This vulnerability is traded as CVE-2025-62313. Access to the local network is required for this attack to succeed. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-14
Published