CVE-2025-52625

LOW

HCL AION 2.0 - Sensitive Information Exposure via Browser Cache

Title source: llm

Description

A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124444

Scores

CVSS v3 3.7

EPSS 0.0003

EPSS Percentile 10.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-525

Status published

Products (2)

hcltech/aion 2.0

hcltech/aion 2.0.0

Published Oct 10, 2025

Tracked Since Feb 18, 2026