CVE-2025-52642 LOW

CVE-2025-52642: HCL AION is affected by an internal filesystem paths disloser vulnerability

Vendor Hcl
Product AION
Published March 16, 2026
Last update March 16, 2026

CVSS base score

3.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.

Key dates

02Disclosure timeline

March 16, 2026 CVE published
March 16, 2026 Record updated