CVE-2025-55251

LOW
2026-01-19 [email protected]
3.1
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 19, 2026 - 18:16 nvd
LOW 3.1

Tags

File Upload RCE

Description

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

Analysis

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. [CVSS 3.1 LOW]

Technical Context

Classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). Affects Aion. HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

Affected Products

Vendor: Hcltech. Product: Aion. Versions: up to 2.0.

Remediation

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root.

Priority Score

16
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +16
POC: 0

Share

CVE-2025-55251 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy