CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H
Description
HCL AION is affected by a vulnerability where container base images are not properly authenticated. This may expose the system to potential security risks such as usage of untrusted container images, which could lead to unintended behaviour or security impact.
Analysis
HCL AION contains a container base image authentication vulnerability where container images are not properly verified before deployment, potentially allowing attackers to execute untrusted or malicious container images within the AION environment. This affects AION 2.0 and could enable attackers with local access and high privileges to compromise system integrity and availability. No public evidence of active exploitation or POC availability has been identified in the provided intelligence sources.
Technical Context
The vulnerability (CWE unspecified, but related to authentication/verification mechanisms) exists in HCL AION's container orchestration layer, where base container images lack proper cryptographic verification or signature validation before execution. Container platforms typically rely on image digests, digital signatures, or registry authentication to ensure image integrity and source authenticity. AION's implementation (the affected product is identified by CPE cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*) appears to bypass or improperly implement these controls, allowing deployment of unsigned, tampered, or malicious base images. This is fundamentally an authentication and integrity control failure in the container image supply chain within the AION platform.
Affected Products
HCL AION 2.0 is affected by this vulnerability as confirmed via ENISA EUVD ID EUVD-2025-208721 and CPE designation cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*. The vendor advisory is available at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410. Specific patch availability and remediation guidance should be obtained directly from the HCL support portal referenced above.
Remediation
Obtain and apply the security patch from HCL AION as documented in the vendor advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410. Until patches are deployed, implement compensating controls by enforcing container image signature verification at the registry level, restricting container image pulls to approved and internally scanned registries only, implementing strict role-based access controls to limit container deployment to authorized personnel, and conducting security scanning of all base images before deployment. Enable audit logging for all container image operations to detect unauthorized image usage attempts.
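As an added example (not HCL's code and not part of the advisory), the following Python check implements two of the compensating controls listed above: it rejects image references that are not pinned by digest, that come from a registry outside an allow-list, or whose digest is not on a list of internally scanned images. The registry names and the approved digest are constructed assumptions; a deployment pipeline or admission hook would call check_image_ref before any pull.

```python
import hashlib
import re

# Constructed allow-list of registries that pulls may come from (assumption).
ALLOWED_REGISTRIES = {"registry.internal.example", "mirror.internal.example:5000"}

# Constructed allow-list of digests that passed internal scanning (assumption).
APPROVED_DIGESTS = {
    "sha256:" + hashlib.sha256(b"scanned-base-image-v1").hexdigest(),
}

# Registry is the first path component only if it looks like a host
# (contains a dot or a port, or is "localhost"); otherwise the reference
# is unqualified and resolves to Docker Hub.
IMAGE_REF = re.compile(
    r"^(?:(?P<registry>[^/]+\.[^/]+|[^/]+:\d+|localhost(?::\d+)?)/)?"
    r"(?P<repo>[a-z0-9._/-]+?)"
    r"(?::(?P<tag>[\w.-]+))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def parse_image_ref(ref):
    """Split an image reference into registry, repo, tag and digest."""
    m = IMAGE_REF.match(ref)
    if not m:
        raise ValueError(f"unparseable image reference: {ref!r}")
    parts = m.groupdict()
    parts["registry"] = parts["registry"] or "docker.io"
    return parts


def check_image_ref(ref, allowed=ALLOWED_REGISTRIES, approved=APPROVED_DIGESTS):
    """Return (ok, reason); ok is True only when every control passes."""
    try:
        parts = parse_image_ref(ref)
    except ValueError as exc:
        return False, str(exc)
    if parts["registry"] not in allowed:
        return False, f"registry {parts['registry']} not in allow-list"
    if not parts["digest"]:
        return False, "image must be pinned by digest, not tag"
    if parts["digest"] not in approved:
        return False, "digest has not passed internal scanning"
    return True, "ok"


if __name__ == "__main__":
    for ref in ("ubuntu:22.04", "registry.internal.example/base/app:1.0"):
        print(ref, "->", check_image_ref(ref))
```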