Hcl Aion
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Hcl Aion.
By the Year
In 2026 there have been 24 vulnerabilities in Hcl Aion with an average score of 3.5 out of ten. Last year, in 2025 Aion had 4 security vulnerabilities published. That is, 20 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 1.73
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 24 | 3.53 |
| 2025 | 4 | 5.25 |
It may take a day or so for new Aion vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hcl Aion Security Vulnerabilities
HCL AION Path Disclosure via Application Response
CVE-2025-52642
3.3 - Low
- March 16, 2026
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.
Insertion of Sensitive Information into Externally-Accessible File or Directory
SQL Injection via Offering Config in HCL AION
CVE-2025-52646
2.2 - Low
- March 16, 2026
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
SQL Injection
Missing Auth Verification in HCL AION Model Pack (CVE-2025-52645)
CVE-2025-52645
1.9 - Low
- March 16, 2026
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.
Insufficient Verification of Data Authenticity
Predictable Identifier Vulnerability in HCL AION
CVE-2025-52649
1.8 - Low
- March 16, 2026
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.
Information Disclosure
HCL AION Audit Log Deficiency (CVE-2025-52644)
CVE-2025-52644
5.8 - Medium
- March 16, 2026
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
Insufficient Logging
Untrusted File Parsing in HCL AION without proper sandbox
CVE-2025-52643
4.7 - Medium
- March 16, 2026
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files.
Protection Mechanism Failure
HCL AION Upload Size Misvalidation Causing Potential DoS
CVE-2025-52636
1.8 - Low
- March 16, 2026
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.
Resource Exhaustion
HCL AION: Unsigned Images Risk Tampered Deployments
CVE-2025-52648
4.8 - Medium
- March 16, 2026
HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system
Improper Verification of Cryptographic Signature
AION Container Base Image auth bypass in HCL AION
CVE-2025-52638
5.6 - Medium
- March 16, 2026
HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible.
Insufficient Verification of Data Authenticity
SQLi in HCL AION Offering Configs Enables Arbitrary DB Queries
CVE-2025-52637
4.5 - Medium
- March 16, 2026
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
SQL Injection
HCL AION 2.0 Missing HSTS Header Vulnerability
CVE-2025-52631
3.7 - Low
- February 03, 2026
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.
Information Disclosure
HCL AION 2.0 Autocomplete ON Password Field CVE-2025-52623
CVE-2025-52623
3.7 - Low
- February 03, 2026
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0.
Insufficiently Protected Credentials
HCL AION 2.0 SameSite Cookie Issue Enables CSRF Exposure
CVE-2025-52628
4.6 - Medium
- February 03, 2026
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
Sensitive Cookie with Improper SameSite Attribute
HCL AION 2.0 Cookie Sensitive Session Info Vulnerability CVE-2025-52633
CVE-2025-52633
3.1 - Low
- February 03, 2026
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.
Use of Persistent Cookies Containing Sensitive Information
HCL AION 2.0: Missing CSP Header (XSS Risk)
CVE-2025-52629
3.7 - Low
- February 03, 2026
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.
OWASP Top Ten 2017 Category A6 - Security Misconfiguration
Command Injection in HCL AION 2.0 (CVE-2025-52626)
CVE-2025-52626
4.5 - Medium
- February 03, 2026
A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0
Shell injection
AION 2.0 Root FS Not Read-Only Allowing Critical File Modifications
CVE-2025-52627
5.5 - Medium
- February 03, 2026
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.
Incorrect Permission Assignment for Critical Resource
HCL AION 2 Weak Password Policy Vulnerability Allows Guessable Passwords
CVE-2025-55252
3.1 - Low
- January 19, 2026
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access
Weak Password Requirements
HCL AION 2 Info Disclosure via Technical Error Exposure
CVE-2025-55250
1.8 - Low
- January 19, 2026
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.
Generation of Error Message Containing Sensitive Information
HCL AION 2 JWT Token Expiry Too Long Vulnerability (CVE-2025-52661)
CVE-2025-52661
2.4 - Low
- January 19, 2026
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
Insufficient Session Expiration
HCL AION Missing Security Response Headers (CVE-2025-55249)
CVE-2025-55249
3.5 - Low
- January 19, 2026
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the applications overall security posture and increase its susceptibility to common web-based attacks.
Protection Mechanism Failure
HCL AION v2: Cacheable HTTP Response Cache Vulnerability Exposes S. Data
CVE-2025-52659
2.8 - Low
- January 19, 2026
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.
Use of Web Browser Cache Containing Sensitive Information
HCL AION Unrestricted File Upload (UFU) enabling code execution
CVE-2025-52660
2.7 - Low
- January 19, 2026
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
Improper Neutralization of HTTP Headers for Scripting Syntax
HCL AION Unrestricted File Upload RCE Risk
CVE-2025-55251
3.1 - Low
- January 19, 2026
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
Unrestricted File Upload
HCL AION 2.0 CSP Bypass Enables Unauthorized Script Execution
CVE-2025-52624
5.4 - Medium
- October 10, 2025
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0.
OWASP Top Ten 2017 Category A6 - Security Misconfiguration
HCL AION 2.0 Unauthorized Actor Info Leak
CVE-2025-52630
3.7 - Low
- October 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
Information Disclosure
HCL AION 2.0 Sensitive Info Exposure (CVE-2025-52634)
CVE-2025-52634
3.7 - Low
- October 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
Information Disclosure
CSP Inline Script Exec Vulnerability in HCL AION v2.0
CVE-2025-52650
8.2 - High
- October 10, 2025
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
OWASP Top Ten 2017 Category A6 - Security Misconfiguration
