Hcltech Aion vulnerabilities
29 known vulnerabilities affecting hcltech/aion.
Total CVEs: 29
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 13
Vulnerabilities
Page 1 of 2
CVE-2025-52626 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | v2.0.0 | 2026-02-03
A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0.
nvd
CVE-2025-52660 | P2 | CRITICAL | CVSS 9.8 | CWE-644 | v2.0.0 | 2026-01-19
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
nvd
CVE-2025-55251 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | v2.0.0 | 2026-01-19
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
nvd
CVE-2025-55252 | P3 | CRITICAL | CVSS 9.8 | CWE-521 | v2.0.0 | 2026-01-19
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access.
nvd
CVE-2025-52635 | P3 | CRITICAL | CVSS 9.8 | CWE-1032 | v2.0.0 | 2025-10-10
A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0.
nvd
CVE-2025-52625 | P3 | HIGH | CVSS 7.5 | CWE-525 | v2.0.0 | 2025-10-10
A Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser. This issue affects AION: 2.0.
nvd
CVE-2025-52644 | P3 | HIGH | CVSS 8.2 | CWE-778 | ≥ 2.0.0, < 2.1.2 | 2026-03-16
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
nvd
CVE-2025-52631 | P3 | HIGH | CVSS 8.1 | CWE-200 | v2.0.0 | 2026-02-03
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0.
nvd
CVE-2025-52627 | P3 | HIGH | CVSS 7.5 | CWE-732 | v2.0.0 | 2026-02-03
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0.
nvd
CVE-2025-52628 | P3 | HIGH | CVSS 8.8 | CWE-1275 | v2.0.0 | 2026-02-03
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
nvd
CVE-2025-52643 | P3 | HIGH | CVSS 7.8 | CWE-693 | ≥ 2.0.0, < 2.1.2 | 2026-03-16
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files.
nvd
CVE-2025-52659 | P3 | HIGH | CVSS 7.5 | CWE-525 | v2.0.0 | 2026-01-19
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.
nvd
CVE-2025-52634 | P3 | HIGH | CVSS 7.5 | CWE-200 | v2.0.0 | 2025-10-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects HCL AION: 2.0.
nvd
CVE-2025-52630 | P3 | HIGH | CVSS 7.5 | CWE-200 | v2.0.0 | 2025-10-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects AION: 2.0.
nvd
CVE-2025-52636 | P3 | HIGH | CVSS 7.5 | CWE-400 | ≥ 2.0.0, < 2.1.2 | 2026-03-16
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.
nvd
CVE-2025-52632 | P3 | HIGH | CVSS 7.5 | CWE-614 | v2.0.0 | 2025-10-10
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION. This issue affects AION: 2.0.
nvd
CVE-2025-52623 | P3 | MEDIUM | CVSS 6.5 | CWE-522 | v2.0.0 | 2026-02-03
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0.
nvd
CVE-2025-52642 | P4 | MEDIUM | CVSS 6.5 | CWE-538 | ≥ 2.0.0, < 2.1.2 | 2026-03-16
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.
nvd
CVE-2025-52650 | P4 | MEDIUM | CVSS 6.1 | CWE-1032 | v2.0.0 | 2025-10-10
An Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0.
nvd
CVE-2025-52646 | P4 | MEDIUM | CVSS 5.3 | CWE-89 | ≥ 2.0.0, < 2.1.2 | 2026-03-16
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
nvd