CVE-2025-52641
Information Disclosure Vulnerability in HCL AION Filesystem Access
Publication date: 2026-04-15
Last updated on: 2026-05-01
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aion | From 2.0.0 (inc) to 2.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL AION allows certain system behaviors that may enable an attacker to explore internal filesystem structures.
This exploration can expose information about the underlying environment, which might help an attacker in planning further targeted actions or cause limited information disclosure.
How can this vulnerability impact me? :
This vulnerability can lead to limited information disclosure by revealing internal filesystem structures.
Such exposure may provide attackers with insights into the system environment, potentially aiding them in executing more targeted attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in HCL AION allows exploration of internal filesystem structures, which may lead to limited information disclosure. Such exposure could potentially aid attackers in further targeted actions.
While the CVE description does not explicitly mention impacts on compliance with standards like GDPR or HIPAA, any unauthorized exposure of internal system information could increase risks related to data protection and privacy requirements under these regulations.
Organizations subject to these standards should consider this vulnerability as a factor in their risk assessments and remediation plans to maintain compliance.