CVE-2025-52648 MEDIUM

CVE-2025-52648

Vendor Hcl
Product AION
Published March 16, 2026
Last update March 16, 2026

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system

Key dates

02Disclosure timeline

March 16, 2026 CVE published
March 16, 2026 Record updated