SQLi in HCL AION Offering Configs Enables Arbitrary DB Queries
CVE-2025-52637 Published on March 16, 2026

Multiple security vulnerabilities affect HCL AION
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.

NVD

Vulnerability Analysis

CVE-2025-52637 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2025-52637 has been classified to as a SQL Injection vulnerability or weakness.


Products Associated with CVE-2025-52637

Want to know whenever a new CVE is published for Hcl Aion? stack.watch will email you.

Hcl Aion
 

Affected Versions

HCL AION Version 2.0 is affected by CVE-2025-52637

Exploit Probability

EPSS
0.08%
Percentile
23.79%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.