CVE-2025-52648

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-16 14:17

Updated : 2026-03-27 17:25

NVD link : CVE-2025-52648

Mitre link : CVE-2025-52648

CVE.ORG link : CVE-2025-52648

JSON object : View

Products Affected

hcl

aion

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2025-52648", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-16T14:17:59.743", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system"}, {"lang": "es", "value": "HCL AION est\u00e1 afectado por una vulnerabilidad donde las im\u00e1genes de oferta no est\u00e1n firmadas digitalmente. La falta de firma de im\u00e1genes puede permitir el uso de im\u00e1genes no verificadas o manipuladas, lo que podr\u00eda llevar a riesgos de seguridad como el compromiso de la integridad o un comportamiento no deseado en el sistema."}], "lastModified": "2026-03-27T17:25:33.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43DEFA2D-ED07-4867-BC69-DD77EABA83B0", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}