This page lists publicly disclosed CVE vulnerabilities affecting hcl aion (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-52648 | HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system | [email protected] | 4.8 | 0.12% | 2026-03-16 | 2026-03-27 |
| CVE-2025-52638 | HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible. | [email protected] | 5.6 | 0.13% | 2026-03-16 | 2026-03-27 |
| CVE-2025-52637 | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | [email protected] | 4.5 | 0.22% | 2026-03-16 | 2026-03-27 |