Skip to main content

HCL AION CVE-2025-62310

| EUVDEUVD-2025-209851 MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2026-05-14 HCL GHSA-87fr-h366-pw6q
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
May 14, 2026 - 17:30 vuln.today
CVE Published
May 14, 2026 - 16:05 nvd
MEDIUM 5.4

DescriptionCVE.org

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.

AnalysisAI

HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive information to interception or unauthorized access. The vulnerability requires adjacent network access, high attack complexity, and user interaction, limiting real-world exploitation scope. No active exploitation has been confirmed at time of analysis.

Technical ContextAI

The vulnerability stems from insufficient cryptographic controls (CWE-319: Cleartext Transmission of Sensitive Information) in HCL AION's data transmission mechanisms. Certain operations or data flows lack enforced encryption, meaning information may traverse network or storage channels in plaintext or with weak protection. The attack vector (AV:A) indicates the threat actor must be on the same network segment as the target, suggesting this affects scenarios where an attacker has local network positioning (same LAN, WiFi, or adjacent network). The vulnerability affects all versions of HCL AION as indicated by the wildcard CPE, though specific affected version ranges have not been disclosed in available references.

RemediationAI

Consult HCL support advisory KB0130636 at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636 for vendor-supplied patch or update instructions. If a patched version is available, upgrade HCL AION to the minimum remediated release specified by HCL. Pending patch deployment, implement the following compensating controls: enforce network segmentation to restrict adjacent-network access to AION systems (use VLANs, firewall rules, or network access control lists to limit which systems can communicate with AION); disable or restrict any optional features that transmit sensitive data if such features are not critical to operations (consult HCL documentation for feature-specific encryption toggles); implement encrypted VPN or IPsec tunnels for all AION communications to ensure data in transit is protected even if AION's native encryption is not enforced; monitor network traffic for unencrypted sensitive data transmissions using network IDS/DLP tools and establish alerts. These controls introduce operational overhead and do not replace vendor patching; prioritize patch deployment based on HCL's timeline.

More in Aion

View all
CVE-2025-52650 HIGH
8.2 Oct 10

Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0

CVE-2025-52632 MEDIUM
6.5 Oct 10

A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.

CVE-2025-52644 MEDIUM
5.8 Mar 16

HCL AION contains inadequate auditing and logging mechanisms that fail to properly track certain user actions, reducing

CVE-2025-52638 MEDIUM
5.6 Mar 16

HCL AION contains a container base image authentication vulnerability where container images are not properly verified b

CVE-2025-52627 MEDIUM
5.5 Feb 03

Aion versions up to 2.0 is affected by incorrect permission assignment for critical resource (CVSS 5.5).

CVE-2025-62313 MEDIUM
5.4 May 14

HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that coul

CVE-2025-52624 MEDIUM
5.4 Oct 10

A vulnerability  Bypass of the script allowlist configuration in HCL AION.  An incorrectly configured Content-Security-

CVE-2025-62305 MEDIUM
5.1 May 14

HCL AION allows exposure of sensitive information through out-of-band interactions triggered by certain operations, affe

CVE-2025-62308 MEDIUM
5.1 May 14

HCL AION exposes sensitive backend infrastructure details through an information disclosure vulnerability affecting auth

CVE-2025-52643 MEDIUM
4.7 Mar 16

A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

CVE-2025-52628 MEDIUM
4.6 Feb 03

Aion versions up to 2.0 contains a vulnerability that allows attackers to cookies to be sent in cross-site requests, pot

CVE-2025-52626 MEDIUM
4.5 Feb 03

A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially le

Share

CVE-2025-62310 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy