CVE-2025-52633 LOW

CVE-2025-52633: HCL AION is susceptible to Missing Content-Security-Policy

Vendor Hcl
Product AION
Weakness CWE-539
Published February 3, 2026
Last update February 3, 2026

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 3, 2026 Record updated