CVE-2025-52633
Persistent Cookie Vulnerability in HCL AION 2.0 Risks Unauthorized Access
Publication date: 2026-02-03
Last updated on: 2026-04-27
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aion | 2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-539 | The web application uses persistent cookies, but the cookies contain sensitive information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL AION 2.0 involves the storage of sensitive session information in permanent cookies. Because these cookies persist beyond the current session, they may be intercepted or compromised, increasing the risk of unauthorized access to sensitive session data.
How can this vulnerability impact me? :
If an attacker intercepts or compromises the permanent cookies containing sensitive session information, they could gain unauthorized access to user sessions. This could lead to potential data exposure or unauthorized actions performed on behalf of the user.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Storing sensitive session information in permanent cookies increases the risk of unauthorized access to personal or protected data. This could lead to non-compliance with data protection regulations such as GDPR or HIPAA, which require appropriate safeguards to protect sensitive information and prevent unauthorized access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know