Skip to main content

Aion CVE-2025-52627

MEDIUM
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-02-03 psirt@hcl.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Physical
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 03, 2026 - 18:16 nvd
MEDIUM 5.5

DescriptionCVE.org

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.

AnalysisAI

Aion versions up to 2.0 is affected by incorrect permission assignment for critical resource (CVSS 5.5).

Technical ContextAI

This vulnerability (CWE-732: Incorrect Permission Assignment for Critical Resource) affects Aion. Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.

RemediationAI

Monitor vendor advisories for a patch.

More in Aion

View all
CVE-2025-52650 HIGH
8.2 Oct 10

Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0

CVE-2025-52632 MEDIUM
6.5 Oct 10

A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.

CVE-2025-52644 MEDIUM
5.8 Mar 16

HCL AION contains inadequate auditing and logging mechanisms that fail to properly track certain user actions, reducing

CVE-2025-52638 MEDIUM
5.6 Mar 16

HCL AION contains a container base image authentication vulnerability where container images are not properly verified b

CVE-2025-62313 MEDIUM
5.4 May 14

HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that coul

CVE-2025-62310 MEDIUM
5.4 May 14

HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive inform

CVE-2025-52624 MEDIUM
5.4 Oct 10

A vulnerability  Bypass of the script allowlist configuration in HCL AION.  An incorrectly configured Content-Security-

CVE-2025-62305 MEDIUM
5.1 May 14

HCL AION allows exposure of sensitive information through out-of-band interactions triggered by certain operations, affe

CVE-2025-62308 MEDIUM
5.1 May 14

HCL AION exposes sensitive backend infrastructure details through an information disclosure vulnerability affecting auth

CVE-2025-52643 MEDIUM
4.7 Mar 16

A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

CVE-2025-52628 MEDIUM
4.6 Feb 03

Aion versions up to 2.0 contains a vulnerability that allows attackers to cookies to be sent in cross-site requests, pot

CVE-2025-52626 MEDIUM
4.5 Feb 03

A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially le

Share

CVE-2025-52627 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy