CVE-2025-52644
Insufficient Auditing in HCL AION Impairs Activity Traceability
Publication date: 2026-03-16
Last updated on: 2026-04-28
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aion | From 2.0.0 (inc) to 2.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-778 | When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL AION involves inadequate auditing or logging of certain user actions. Because these actions are not properly recorded, it reduces the ability to trace user activities effectively.
How can this vulnerability impact me? :
The lack of proper auditing mechanisms can impact monitoring and accountability, making it harder to investigate incidents or understand user behavior. This could lead to delayed detection of malicious activities or unauthorized actions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Inadequate auditing and logging can negatively affect compliance with standards and regulations such as GDPR and HIPAA, which often require detailed record-keeping and traceability of user actions to ensure accountability and support incident investigations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know