CVE-2025-62316
Published 2026-05-14
Priority P4 · 11 · low · 2.3 · CVSS 3.1
AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.11% (1.3th percentile)
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hcl | aion | — | — |
GHSA
GHSA-76qx-w8jc-9p87: HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured
ghsa_unreviewed·2026-05-14
CVE-2025-62316 [LOW] CWE-1021 GHSA-76qx-w8jc-9p87: HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured
VulDB
HCL AION 2.1.0 HTTP Response Header ui layer (KB0130636)
vuldb·2026-05-14·CVSS 2.3
CVE-2025-62316 [LOW] HCL AION 2.1.0 HTTP Response Header ui layer (KB0130636)
A vulnerability classified as problematic has been found in HCL AION 2.1.0. This affects an unknown part of the component HTTP Response Header Handler. Performing a manipulation results in improper restriction of rendered ui layers.
This vulnerability is known as CVE-2025-62316. Remote exploitation of the attack is possible. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-14
Published