Description
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure.
Published: 2026-04-15
Score: 2.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Assess Impact
AI Analysis

Impact

The vulnerability allows an attacker to gather insights into the structure of the internal filesystem. Exposing such details can reveal configuration files, directory layouts, and other artefacts that may facilitate future targeted attacks. The primary consequence is information disclosure, potentially aiding the planning or execution of more damaging exploits.

Affected Systems

HCL AION is the only product affected. No specific version information is listed, so all current releases of HCL AION should be evaluated for this issue.

Risk and Exploitability

The CVSS score of 2.9 indicates low severity, and the EPSS score is 0.00011, indicating an extremely low exploitation probability. The vulnerability is not listed in the CISA KEV catalogue. Based on the description, the likely attack vector is local or requires privileged access to the system, as the exploitation involves interacting with internal filesystem structures. Since the CVE description does not mention remote code execution or network access, we infer that an attacker would need to compromise a local account or execute an action that triggers the vulnerable system behaviour.

Generated by OpenCVE AI on April 15, 2026 at 15:58 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check for an official HCL AION patch that addresses the filesystem exploration issue and apply it as soon as available.
  • Limit file system permissions so that only trusted accounts can read sensitive directories and configuration files.
  • Monitor system logs for abnormal file read or traversal activities and investigate any suspicious events promptly.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-549

Wed, 15 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-209
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-549

Wed, 15 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aion
Vendors & Products Hcltech
Hcltech aion

Wed, 15 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure.
Title Internal Filesystem Exploration vulnerability
References
Metrics cvssV3_1

{'score': 2.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-04-15T13:18:47.899Z

Reserved: 2025-06-18T14:00:43.106Z

Link: CVE-2025-52641

Vulnrichment

Updated: 2026-04-15T13:18:30.445Z

NVD

Status: Received

Published: 2026-04-15T09:16:31.063

Modified: 2026-04-15T14:16:13.980

Link: CVE-2025-52641

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:00:07Z

Weaknesses