CVE-2025-52643

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.6 / Impact : 3.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*

History

18 Mar 2026, 20:42

Type	Values Removed	Values Added
References	~~() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 -~~	() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 - Vendor Advisory
Summary		(es) HCL AION está afectado por una vulnerabilidad donde las operaciones de análisis de archivos no confiables no se ejecutan dentro de un entorno de sandbox debidamente aislado. Esto puede exponer la aplicación a riesgos de seguridad potenciales, incluyendo comportamiento no deseado o impacto en la integridad al procesar archivos especialmente diseñados.
CPE		cpe:2.3:a:hcltech:aion::::::::
First Time		Hcltech aion Hcltech

16 Mar 2026, 19:16

Type	Values Removed	Values Added
CWE		CWE-693

16 Mar 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 15:16

Updated : 2026-03-18 20:42

NVD link : CVE-2025-52643

Mitre link : CVE-2025-52643

CVE.ORG link : CVE-2025-52643

JSON object : View

Products Affected

hcltech

aion

CWE

CWE-693

Protection Mechanism Failure

{"id": "CVE-2025-52643", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-03-16T15:16:18.430", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files."}, {"lang": "es", "value": "HCL AION est\u00e1 afectado por una vulnerabilidad donde las operaciones de an\u00e1lisis de archivos no confiables no se ejecutan dentro de un entorno de sandbox debidamente aislado. Esto puede exponer la aplicaci\u00f3n a riesgos de seguridad potenciales, incluyendo comportamiento no deseado o impacto en la integridad al procesar archivos especialmente dise\u00f1ados."}], "lastModified": "2026-03-18T20:42:40.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E4A57E2-DE5F-4B45-AD26-E8DD55D7DDA4", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}