29 matches found
CVE-2025-52624
CVE-2025-52624 affects HCL AION 2.0. The issue is a bypass of the script allowlist caused by misconfigured Content-Security-Policy, enabling unauthorized scripts and increasing risk of cross-site scripting and other injection attacks. Connected sources confirm the vulnerability in HCL AION and de...
CVE-2025-55252
CVE-2025-55252 – HCL AION version 2 is affected by a Weak Password Policy vulnerability, which can allow use of easily guessable passwords and potentially unauthorized access. The available documents identify the affected product (HCL AION 2) and the underlying issue (weak password policy), but d...
CVE-2025-52659
CVE-2025-52659 affects HCL AION version 2, a AI lifecycle management platform. The vulnerability is a Cacheable HTTP Response issue that can cause unintended storage of sensitive or dynamic content, potentially enabling unauthorized access or information disclosure. The CVSS v3.1 base score is 7....
CVE-2025-55251
Affected product: HCL AION. Vulnerability: Unrestricted File Upload. Impact statement: potential for unauthorized code execution or system compromise. Metrics (NVD): CVSS v3.1 base score 9.8, CRITICAL; attack vector NETWORK; user interaction NONE; privileges required NONE; confidentiality/integri...
CVE-2025-52630
CVE-2025-52630 affects HCL AION (AION: 2.0). The connected sources describe an information disclosure vulnerability caused by a missing or insecure X-Content-Type-Options header, enabling an unauthorized actor to obtain credentials or system information. Public documents attribute this to HCL AIO...
CVE-2025-52627
CVE-2025-52627 affects HCL AION (AI lifecycle management platform) 2.0, where the root filesystem is not mounted read-only, allowing unintended modifications to critical system files and potential system compromise. Connected sources corroborate the issue and cite root-file-system write access as...
CVE-2025-52632
CVE-2025-52632 affects HCL AION 2.0 and is described as a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The available connected sources confirm the affected product (HCL AION) and the issue arises in encrypted session cookies lacking the Secure attribute, which can exp...
CVE-2025-52626
Affected product : HCL AION (AI lifecycle management platform). Vulnerability : Command injection vulnerability that can be exploited to execute arbitrary commands on the underlying system. Root cause / context : Descriptions indicate a command injection issue in HCL AION; specific technical root...
CVE-2025-52644
Technical details about CVE-2025-52644 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2025-52623
CVE-2025-52623 affects HCL AION v2.0 where the password field does not have autocomplete disabled, enabling potential storage or disclosure of credentials. Connected sources (CNVD-2026-16403, RH/Red Hat, NVD, and PT-2026-5901) corroborate an information disclosure risk from password-field autocom...
CVE-2025-52636
CVE-2025-52636 affects HCL AION. The issue is improper handling/validation of upload size limits, which may allow excessive resource consumption and could lead to service degradation or denial-of-service conditions under certain scenarios. Connected sources reiterate the same vulnerability descri...
CVE-2025-52650
CVE-2025-52650 – HCL AION v2.0 : A CSP-related issue allows inline script execution due to improper CSP enforcement in HCL AION version 2.0. The root cause is CSP misconfiguration that fails to block inline scripts, enabling potential script injection within the application. Documented sources (P...
CVE-2025-52660
HCL AION is affected by an Unrestricted File Upload vulnerability. Connected CNVD records describe an additional host header injection flaw in HCL AION, suggesting improper handling that can enable malicious file uploads and potential code execution or system compromise. The primary CVE entry and...
CVE-2025-52625
CVE-2025-52625 affects HCL AION 2.0. A vulnerability described as a Cacheable SSL Page Found issue could allow attackers with access to the device or browser to view cached data, exposing credentials, system identifiers, or internal file paths. Root cause specifics, affected components beyond the...
CVE-2025-52634
HCL AION (AI lifecycle platform) 2.0 is affected by CVE-2025-52634, described as an information disclosure vulnerability enabling unauthorized access. Multiple sources (NVD, RHACVE, CNVD, CNNVD, CVE lists, PT-2025-41539) corroborate that sensitive information can be exposed to an unauthenticated ...
CVE-2025-52643
The CVE-2025-52643 entry concerns HCL AION and describes a vulnerability where untrusted file parsing is not performed in a properly isolated sandbox. This could enable unintended behavior or integrity impact when processing crafted files. Public technical details (affected versions, root cause, ...
CVE-2025-52661
Technical details about CVE-2025-52661 are not publicly disclosed in the provided documents. No affected versions, root cause, or remediation are specified. Monitor for updates from vendors and security advisories.
CVE-2025-55249
Technical details (affected product/versions, root cause, exploitability, mitigations) are not publicly available in the provided documents. Monitor for updates from vendor advisories and CVE feeds.
CVE-2025-52629
CVE-2025-52629 affects HCL AION 2.0 and is caused by a missing Content-Security-Policy (CSP) header, increasing risk of cross-site scripting and content-injection attacks. Multiple sources (NVD, RH, CNVD, ENISA EUVD) corroborate the missing CSP as the issue. Remediation is to implement a CSP head...
CVE-2025-52635
HCL AION (AI lifecycle platform) is affected in version 2.0 by a vulnerability where trusted types in scripts are not enforced by the Content Security Policy (CSP). This Trusted Types CSP bypass leads to information disclosure risk. Reports from multiple sources (NVD, CNVD, RH, CVE records, EUVD,...
CVE-2025-52642
CVE-2025-52642 affects HCL AION (AI lifecycle management platform). The connected documents describe a root cause where internal filesystem paths are exposed through application responses or system behavior, enabling potential information disclosure about environment structure. The impact is info...
CVE-2025-55250
HCL AION v2 is affected by a Technical Error Disclosure vulnerability that can expose sensitive technical details, potentially aiding information disclosure or attacker reconnaissance. The issue is described across NVD/Red Hat and related feeds with no public exploit details or remediation inform...
CVE-2025-52641
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2025-52646
Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security trackers to obtain affected versions, root cause, impact, and remediation.
CVE-2025-52649
Technical details for CVE-2025-52649 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-52633
HCL AION 2.0 is affected by a vulnerability where sensitive session data is stored in persistent cookies, leading to potential information disclosure. Root cause cited by CNVD/Red Hat sources is lack of content security policy. Practical impact is information exposure if cookies are intercepted o...
CVE-2025-52645
CVE-2025-52645 — HCL AION : The vulnerability concerns model packaging and distribution that may lack sufficient authenticity verification, allowing unverified or modified model artifacts and potential integrity concerns or unintended behavior. Affected product: HCL AION (AI lifecycle management ...
CVE-2025-52631
CVE-2025-52631 affects HCL AION 2.0 and is due to a missing or insecure HTTP Strict-Transport-Security (HSTS) header. The NVD entry notes a high-severity vulnerability (CVSS v3.1: 8.1) with network access, high impact on confidentiality, integrity, and availability, and potential for MITM or prot...
CVE-2025-52628
CVE-2025-52628 affects HCL AION 2.0. Connected sources describe a cookie handling issue due to missing or insecure SameSite attributes, enabling cross-site requests and increasing CSRF risk. The CNVD entry calls it a CSRF vulnerability stemming from the cookie SameSite issue; Red Hat and NVD desc...