HCL AION HTTP Response Header Misconfig Weakens Browser Security
CVE-2025-62316 Published on May 14, 2026

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is a Clickjacking Vulnerability?

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. A web application is expected to place restrictions on whether it is allowed to be rendered within frames, iframes, objects, embed or applet elements. Without the restrictions, users can be tricked into interacting with the application when they were not intending to.

CVE-2025-62316 has been classified to as a Clickjacking vulnerability or weakness.


Products Associated with CVE-2025-62316

Want to know whenever a new CVE is published for Hcl Aion? stack.watch will email you.

Hcl Aion
 

Affected Versions

HCL AION Version 2.1.0 is affected by CVE-2025-62316

Exploit Probability

EPSS
0.02%
Percentile
6.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.