CVE-2025-52627
Root File System Misconfiguration in AION 2.0 Enables Unauthorized Modifications
Publication date: 2026-02-03
Last updated on: 2026-04-25
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aion | 2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the root file system not being mounted as read-only. Because of this configuration issue, critical system files can be unintentionally modified. Such modifications increase the risk of system compromise or unauthorized changes.
The affected product is AION version 2.0.
How can this vulnerability impact me? :
The vulnerability can lead to unintended modifications of critical system files, which may increase the risk of system compromise or unauthorized changes. This could potentially allow attackers or unauthorized users to alter system behavior or security settings.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know