CVE-2025-52636
Received Received - Intake
Upload Size Limit Vulnerability in HCL AION Causes DoS Risk

Publication date: 2026-03-16

Last updated on: 2026-04-25

Assigner: HCL Software

Description
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-25
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52636
EUVD
EUVD-2025-208731
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcltech aion From 2.0.0 (inc) to 2.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in HCL AION involves improper handling of upload size limits. Specifically, the system does not properly control or validate the size of uploads, which can allow excessively large uploads.

As a result, this can lead to excessive consumption of system resources.

Impact Analysis

The main impact of this vulnerability is the potential for service degradation or denial-of-service (DoS) conditions.

Because the system may consume excessive resources when handling large uploads, it could slow down or become unavailable under certain scenarios.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52636. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart