Aion
CVE-2025-52661
LOW
Severity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
AnalysisAI
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised. [CVSS 2.4 LOW]
Technical ContextAI
Classified as CWE-613 (Insufficient Session Expiration). Affects Aion. HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
HCL AION contains inadequate auditing and logging mechanisms that fail to properly track certain user actions, reducing
HCL AION contains a container base image authentication vulnerability where container images are not properly verified b
Aion versions up to 2.0 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that coul
HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive inform
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-
HCL AION allows exposure of sensitive information through out-of-band interactions triggered by certain operations, affe
HCL AION exposes sensitive backend infrastructure details through an information disclosure vulnerability affecting auth
A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.
Aion versions up to 2.0 contains a vulnerability that allows attackers to cookies to be sent in cross-site requests, pot
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today