What is the CVSS score of CVE-2025-52659?

CVE-2025-52659 has a CVSS 3.1 base score of 2.8 (Low). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of HCL AION are affected by CVE-2025-52659?

CVE-2025-52659 is a low-severity vulnerability in HCL AION version 2 (CVSS 2.8). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…

How to fix or mitigate CVE-2025-52659?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

HCL AION CVE-2025-52659

LOW

Use of Web Browser Cache Containing Sensitive Information (CWE-525)

2026-01-19 psirt@hcl.com

Authentication Bypass Information Disclosure

2.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 19, 2026 - 18:16 nvd

LOW 2.8

DescriptionNVD

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.

AnalysisAI

Aion versions up to 2.0 contains a vulnerability that allows attackers to unintended storage of sensitive or dynamic content, potentially resulting in una (CVSS 2.8).

Technical ContextAI

affects Aion. HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-52659 vulnerability details – vuln.today

Back