CVE-2025-52637

MEDIUM

Multiple security vulnerabilities affect HCL AION

Title source: cna

Description

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.

References (1)

Core 1

Core References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Scores

CVSS v3 4.5

EPSS 0.0022

EPSS Percentile 13.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

HCL/AION 2.0

hcl/aion 2.0 - 2.1.2

Published Mar 16, 2026

Tracked Since Mar 16, 2026