CVE-2025-52660
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-19
Last updated on: 2026-04-25
Assigner: HCL Software
Description
Description
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aion | 2.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-644 | The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL AION is an Unrestricted File Upload issue that allows attackers to upload malicious files without proper restrictions. This can lead to unauthorized code execution or compromise of the affected system.
How can this vulnerability impact me? :
The impact of this vulnerability includes potential unauthorized code execution and system compromise, which could allow attackers to take control of the system or disrupt its normal operations.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70