CVE-2025-52648

MEDIUM

HCL AION <2.0 - Integrity Compromise

Title source: llm

Description

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Scores

CVSS v3 4.8

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-347

Status published

Products (2)

HCL/AION 2.0

hcl/aion 2.0 - 2.1.2

Published Mar 16, 2026

Tracked Since Mar 16, 2026