CVE-2025-52642
Received Received - Intake
Information Disclosure via Internal Path Exposure in HCL AION

Publication date: 2026-03-16

Last updated on: 2026-04-27

Assigner: HCL Software

Description
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52642
EUVD
EUVD-2025-208733
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcltech aion From 2.0.0 (inc) to 2.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-538 The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in HCL AION involves the exposure of internal filesystem paths through application responses or system behavior.

This means that details about the internal environment structure may be revealed unintentionally.

Such exposure can provide attackers with information that could help them plan further targeted attacks or lead to information disclosure.

Impact Analysis

Exposure of internal filesystem paths can reveal sensitive information about the system's environment.

This information disclosure could aid attackers in crafting more effective and targeted attacks against the system.

The vulnerability has a low CVSS base score of 3.3, indicating limited but non-negligible impact, primarily related to confidentiality and integrity.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52642. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart