CVE-2025-52645

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.

CVSS v3 1.9 LOW

1.9^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-16 15:16

Updated : 2026-03-18 20:38

NVD link : CVE-2025-52645

Mitre link : CVE-2025-52645

CVE.ORG link : CVE-2025-52645

JSON object : View

Products Affected

hcltech

aion

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2025-52645", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-03-16T15:16:18.707", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour."}, {"lang": "es", "value": "HCL AION est\u00e1 afectado por una vulnerabilidad donde los mecanismos de empaquetado y distribuci\u00f3n de modelos podr\u00edan no incluir suficiente verificaci\u00f3n de autenticidad. Esto podr\u00eda permitir la posibilidad de que se utilicen artefactos de modelo no verificados o modificados, lo que podr\u00eda llevar a problemas de integridad o a un comportamiento no deseado."}], "lastModified": "2026-03-18T20:38:37.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E4A57E2-DE5F-4B45-AD26-E8DD55D7DDA4", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}