{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52642", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:00:44.548Z", "datePublished": "2026-03-16T14:45:23.821Z", "dateUpdated": "2026-03-16T20:07:54.201Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-16T14:45:23.821Z"}, "title": "HCL AION is affected by an internal filesystem paths disloser vulnerability", "affected": [{"vendor": "HCL", "product": "AION", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-538", "lang": "en", "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T20:07:40.861419Z", "id": "CVE-2025-52642", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:07:54.201Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52642", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T20:07:40.861419Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-538", "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:07:51.391Z"}}], "cna": {"title": "HCL AION is affected by an internal filesystem paths disloser vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL", "product": "AION", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.", "supportingMedia": [{"type": "text/html", "value": "HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.", "base64": false}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-16T14:45:23.821Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52642", "state": "PUBLISHED", "dateUpdated": "2026-03-16T20:07:54.201Z", "dateReserved": "2025-06-18T14:00:44.548Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-03-16T14:45:23.821Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD0DD06-7840-4FFE-8BCF-1B94410B237D", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure."}, {"lang": "es", "value": "HCL AION est\u00e1 afectado por una vulnerabilidad donde las rutas internas del sistema de archivos pueden ser expuestas a trav\u00e9s de las respuestas de la aplicaci\u00f3n o el comportamiento del sistema. La exposici\u00f3n de rutas internas puede revelar detalles de la estructura del entorno, lo que podr\u00eda potencialmente ayudar en ataques dirigidos adicionales o revelaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2025-52642", "lastModified": "2026-04-27T18:34:17.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.5, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T15:16:18.300", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-538"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "matching", "scores": [{"score": 80.0, "source": "matching"}]}, "original": {"product": "AION", "source": "cna", "vendor": "HCL"}, "product": "aion", "vendor": "hcltech"}], "analysis": {"en": {"generated_at": "2026-03-23T16:31:22.915532+00:00", "value": {"mitigation_remediation": ["Verify whether HCL AION has released a security patch or update that addresses the path disclosure flaw and apply it immediately. If a patch is not yet available, disable or limit detailed error messages, stack traces, and other diagnostics that reveal filesystem paths in the application\u2019s output. Monitor HCL\u2019s security advisories for updates and apply any subsequent patches as soon as they are released."], "summary": {"action": "Assess Impact", "impact": "Information disclosure from internal filesystem path exposure"}, "threat_synthesis": {"affected_systems": "The affected product is HCL AION. No specific version numbers were listed in the advisory, so all deployed instances of this solution may be impacted until HCL publishes a fix released in a newer version.", "description_and_impact": "HCL AION is vulnerable to a disclosure of internal filesystem paths through application responses or system behavior. The information that can be exposed includes the server\u2019s directory structure and other environmental details, which could help an attacker build a more precise attack plan or uncover sensitive configuration data. The weakness corresponds to the common weakness enumeration for information exposure.", "risk_and_exploitability": "The defined CVSS score of 3.3 suggests low severity, and an EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. The vulnerability is not currently listed in CISA\u2019s KEV catalog. Because the impact is limited to information disclosure, an attacker would need to generate responses that expose paths, possibly by sending crafted requests or triggering error messages. There is no direct path to code execution or denial of service from this flaw."}}}}, "created": "2026-03-17T09:52:46.506107+00:00", "updated": "2026-03-24T10:44:20.901208+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$aion"]}