CVE-2025-52660

Summary

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareAION2affected

Weaknesses

  • CWE-644: CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References