CVE-2025-52642
Information Disclosure via Internal Path Exposure in HCL AION
Publication date: 2026-03-16
Last updated on: 2026-04-27
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aion | From 2.0.0 (inc) to 2.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-538 | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL AION involves the exposure of internal filesystem paths through application responses or system behavior.
This means that details about the internal environment structure may be revealed unintentionally.
Such exposure can provide attackers with information that could help them plan further targeted attacks or lead to information disclosure.
How can this vulnerability impact me? :
Exposure of internal filesystem paths can reveal sensitive information about the system's environment.
This information disclosure could aid attackers in crafting more effective and targeted attacks against the system.
The vulnerability has a low CVSS base score of 3.3, indicating limited but non-negligible impact, primarily related to confidentiality and integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know