CVE-2025-52641

LOW

Internal Filesystem Exploration vulnerability

Title source: cna

Description

HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130007

Scores

CVSS v3 2.9

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (1)

HCL/AION 2.0

Published Apr 15, 2026

Tracked Since Apr 15, 2026