CVE-2025-52638

MEDIUM

Multiple security vulnerabilities affect HCL AION

Title source: cna

Description

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Scores

CVSS v3 5.6

EPSS 0.0002

EPSS Percentile 4.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-345

Status published

Products (2)

HCL/AION 2.0

hcl/aion 2.0 - 2.1.2

Published Mar 16, 2026

Tracked Since Mar 16, 2026