Aion
CVE-2025-52626
MEDIUM
Severity by source
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Description (CVE.org)
A Potential Command Injection vulnerability in HCL AION.
This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0
Analysis (AI)
A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0 [CVSS 4.5 MEDIUM]
Technical Context (AI)
Classified as CWE-78 (OS Command Injection). Affects Aion. A Potential Command Injection vulnerability in HCL AION.
Remediation (AI)
Monitor vendor advisories for a patch.
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
HCL AION contains inadequate auditing and logging mechanisms that fail to properly track certain user actions, reducing
HCL AION contains a container base image authentication vulnerability where container images are not properly verified b
Aion versions up to 2.0 are affected by incorrect permission assignment for critical resource (CVSS 5.5).
HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that coul
HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive inform
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-
HCL AION allows exposure of sensitive information through out-of-band interactions triggered by certain operations, affe
HCL AION exposes sensitive backend infrastructure details through an information disclosure vulnerability affecting auth
A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.
Aion versions up to 2.0 contains a vulnerability that allows attackers to cookies to be sent in cross-site requests, pot