CVE-2025-52633

LOW

HCL AION 2.0 - Sensitive Session Information Exposure via Persistent Cookies

Title source: llm

Description

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

Scores

CVSS v3 3.1

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-539

Status published

Products (2)

hcltech/aion 2.0

hcltech/aion 2.0.0

Published Feb 03, 2026

Tracked Since Feb 18, 2026