{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52636", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:00:43.106Z", "datePublished": "2026-03-16T14:21:08.132Z", "dateUpdated": "2026-03-16T18:43:45.176Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-16T14:21:08.132Z"}, "affected": [{"vendor": "HCL", "product": "AION", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<b>HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.</b>"}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseSeverity": "LOW", "baseScore": 1.8, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}, "title": "HCL AION is affected by a improper handling of uploads files Size"}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T18:43:00.382900Z", "id": "CVE-2025-52636", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T18:43:45.176Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52636", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T18:43:00.382900Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T18:43:40.224Z"}}], "cna": {"title": "HCL AION is affected by a improper handling of uploads files Size", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL", "product": "AION", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.", "supportingMedia": [{"type": "text/html", "value": "<b>HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.</b>", "base64": false}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-16T14:21:08.132Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52636", "state": "PUBLISHED", "dateUpdated": "2026-03-16T18:43:45.176Z", "dateReserved": "2025-06-18T14:00:43.106Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-03-16T14:21:08.132Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD0DD06-7840-4FFE-8BCF-1B94410B237D", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios."}, {"lang": "es", "value": "HCL AION se ve afectado por una vulnerabilidad relacionada con el manejo de los l\u00edmites de tama\u00f1o de carga. Un control o validaci\u00f3n inadecuados de los tama\u00f1os de carga puede permitir un consumo excesivo de recursos, lo que podr\u00eda conducir potencialmente a la degradaci\u00f3n del servicio o a condiciones de denegaci\u00f3n de servicio bajo ciertos escenarios."}], "id": "CVE-2025-52636", "lastModified": "2026-04-25T18:04:06.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T15:16:17.890", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "matching", "scores": [{"score": 80.0, "source": "matching"}]}, "original": {"product": "AION", "source": "cna", "vendor": "HCL"}, "product": "aion", "vendor": "hcltech"}], "analysis": {"en": {"generated_at": "2026-03-23T15:51:15.994966+00:00", "value": {"mitigation_remediation": ["Apply the latest HCL AION patch or upgrade to a version that addresses the upload size handling issue.", "If a patch is not available, configure the application and underlying web server to enforce strict file upload size limits and resource quotas.", "Monitor the application for unusually large upload requests or sudden increases in resource usage, and correlate with logs to detect potential abuse.", "Keep all components of the HCL AION environment, including the underlying operating system and network infrastructure, updated with the latest security patches."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the HCL AION product. No detailed version information is provided, so any deployment of HCL AION should verify whether its installed version is affected by checking release notes or contacting the vendor.", "description_and_impact": "Improper control or validation of file upload sizes in HCL AION can lead to excessive consumption of system resources. The weakness, classified as CWE-400, may cause the application to degrade or become unavailable if an attacker uploads files that exceed acceptable limits or floods the system with large payloads. The documented impact is a potential denial of service rather than direct compromise of confidentiality or integrity.", "risk_and_exploitability": "The CVSS score of 1.8 indicates a low severity rating, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an attacker exploiting the upload mechanism by submitting overly large files; this inference is based on the description of the upload size handling issue. No evidence of active exploitation is reported, and the exploitation would require sufficient network reachability to the application and the capability to send large files."}}}}, "created": "2026-03-17T09:52:52.464814+00:00", "updated": "2026-03-24T10:44:27.329554+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$aion"]}