11 matches found
CVE-2025-62305
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions...
CVE-2025-62312
HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices...
PT-2026-33016
Name of the Vulnerable Software and Affected Versions: HCL AION, affected versions not specified. Description: Certain system behaviors may allow exploration of internal filesystem structures. Exposure of this information can provide insights into the underlying environment, potentially aiding in...
CVE-2025-52646
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...
CVE-2025-52644
Technical details about CVE-2025-52644 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2025-52648
HCL AION is affected by CVE-2025-52648: offering images are not digitally signed, allowing unverified or tampered images which may cause integrity issues or unintended system behavior. Root cause: lack of image signing. No remediation details provided in the connected documents.
CVE-2025-52628
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...
CVE-2025-52627
CVE-2025-52627 affects HCL AION (AI lifecycle management platform) 2.0, where the root filesystem is not mounted read-only, allowing unintended modifications to critical system files and potential system compromise. Connected sources corroborate the issue and cite root-file-system write access as...
CVE-2025-55252
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access...
PT-2026-3462
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise...
PT-2026-3471
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks...