CVE-2025-52633

LOW

HCL AION - Info Disclosure

Title source: llm

Description

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.

References (1)

[Vendor Advisory] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

Scores

CVSS v3 3.1

EPSS 0.0004

EPSS Percentile 10.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Classification

CWE

CWE-539

Status published

Affected Products (1)

hcltech/aion

Timeline

Published Feb 03, 2026

Tracked Since Feb 18, 2026