CVE-2025-52642

LOW

HCL AION is affected by an internal filesystem paths disloser vulnerability

Title source: cna

Description

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Scores

CVSS v3 3.3

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-538

Status published

Products (2)

HCL/AION 2.0

hcltech/aion 2.0 - 2.1.2

Published Mar 16, 2026

Tracked Since Mar 16, 2026