CVE-2025-52659

LOW

2.8

Description

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.

CVE Details

CVSS v3.1 Score2.8

SeverityLOW

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionREQUIRED

Published1/19/2026

Last Modified1/30/2026

Sourcenvd

Honeypot Sightings0

Affected Products

hcltech:aion

Weaknesses (CWE)

CWE-525

References

https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995#(psirt@hcl.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.