CVE-2025-55252

HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995#	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:aion:2.0.0:*:*:*:*:*:*:*

History

25 Apr 2026, 18:05

Type	Values Removed	Values Added
CPE	cpe:2.3:a:hcltech:aion:2.0:::::::*	cpe:2.3:a:hcltech:aion:2.0.0:::::::*
Summary		(es) HCL AION versión 2 está afectado por una vulnerabilidad de política de contraseñas débil. Esto puede permitir el uso de contraseñas fácilmente adivinables, lo que podría resultar en acceso no autorizado.

30 Jan 2026, 16:13

Type	Values Removed	Values Added
References	~~() https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995# -~~	() https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995# - Permissions Required
First Time		Hcltech aion Hcltech
CPE		cpe:2.3:a:hcltech:aion:2.0:::::::*

19 Jan 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-19 19:16

Updated : 2026-04-25 18:05

NVD link : CVE-2025-55252

Mitre link : CVE-2025-55252

CVE.ORG link : CVE-2025-55252

JSON object : View

Products Affected

hcltech

aion

CWE

CWE-521

Weak Password Requirements

3.1 /10