CVE-2025-52638 MEDIUM

CVE-2025-52638: Multiple security vulnerabilities affect HCL AION

Vendor Hcl
Product AION
Published March 16, 2026
Last update March 17, 2026

CVSS base score

5.6/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible.

Key dates

02Disclosure timeline

March 16, 2026 CVE published
March 17, 2026 Record updated