CVE-2025-52648
Unsigned Offering Images in HCL AION Allow Integrity Compromise
Publication date: 2026-03-16
Last updated on: 2026-03-27
Assigner: HCL Software
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | aion | From 2.0 (inc) to 2.1.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL AION involves offering images that are not digitally signed. Because these images lack digital signatures, it is possible for unverified or tampered images to be used within the system.
This absence of image signing can lead to security risks such as compromised image integrity or unintended behavior in the system.
How can this vulnerability impact me?
This vulnerability can impact you by allowing the use of unverified or tampered images, which may compromise the integrity of the system.
Such compromise can lead to unintended behavior, potentially affecting the reliability and security of the system where HCL AION is used.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know