Hcltech Aion vulnerabilities

29 known vulnerabilities affecting hcltech/aion.

Total CVEs: 29
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 13

Vulnerabilities

Page 2 of 2
CVE-2025-52649 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.0.0, < 2.1.2 | 2026-03-16
CVE-2025-52649 [MEDIUM] CWE-200: HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.
nvd
CVE-2025-52624 | P4 | MEDIUM | CVSS 6.1 | v2.0.0 | 2025-10-10
CVE-2025-52624 [MEDIUM] CWE-1032: A script allowlist configuration bypass vulnerability exists in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0.
nvd
CVE-2025-52661 | P4 | MEDIUM | CVSS 5.3 | v2.0.0 | 2026-01-19
CVE-2025-52661 [MEDIUM] CWE-613: HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
nvd
CVE-2025-52629 | P4 | MEDIUM | CVSS 6.1 | v2.0.0 | 2026-02-03
CVE-2025-52629 [MEDIUM] CWE-1032: HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0.
nvd
CVE-2025-52633 | P4 | MEDIUM | CVSS 5.3 | v2.0.0 | 2026-02-03
CVE-2025-52633 [MEDIUM] CWE-539: HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. Storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.
nvd
CVE-2025-55249 | P4 | MEDIUM | CVSS 5.3 | v2.0.0 | 2026-01-19
CVE-2025-55249 [MEDIUM] CWE-693: HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks.
nvd
CVE-2025-52641 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.0.0, < 2.1.2 | 2026-04-15
CVE-2025-52641 [MEDIUM] CWE-209: HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure.
nvd
CVE-2025-55250 | P4 | MEDIUM | CVSS 5.3 | v2.0.0 | 2026-01-19
CVE-2025-55250 [MEDIUM] CWE-209: HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.
nvd
CVE-2025-52645 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.0.0, < 2.1.2 | 2026-03-16
CVE-2025-52645 [MEDIUM] CWE-345: HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.
nvd