CVE-2025-62317

Summary

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.

Affected Software

VendorProductVersion RangeStatus
HCLAION2.1.0affected

Weaknesses

  • CWE-598: CWE-598: Use of HTTP Request With Sensitive Query String

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References