Description
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.
Published: 2026-03-16
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure from internal filesystem path exposure
Action: Assess Impact
AI Analysis

Impact

HCL AION is vulnerable to disclosure of internal filesystem paths through application responses or system behavior. The exposed information includes the server’s directory structure and other environmental details, which could help an attacker build a more precise attack plan or uncover sensitive configuration data. The weakness is tracked as CWE-538, an information exposure weakness.

Affected Systems

The affected product is HCL AION. No specific version numbers were listed in the advisory, so all deployed instances of this solution may be impacted until HCL publishes a fix in a newer version.

Risk and Exploitability

The defined CVSS score of 3.3 suggests low severity, and an EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. The vulnerability is not currently listed in CISA’s KEV catalog. Because the impact is limited to information disclosure, an attacker would need to generate responses that expose paths, possibly by sending crafted requests or triggering error messages. There is no direct path to code execution or denial of service from this flaw.

Generated by OpenCVE AI on March 23, 2026 at 16:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether HCL AION has released a security patch or update that addresses the path disclosure flaw and apply it immediately.
  • If a patch is not yet available, disable or limit detailed error messages, stack traces, and other diagnostics that reveal filesystem paths in the application’s output.
  • Monitor HCL’s security advisories for updates and apply any subsequent patches as soon as they are released.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aion
Vendors & Products Hcltech
Hcltech aion

Mon, 16 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-538
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.
Title HCL AION is affected by an internal filesystem paths disloser vulnerability
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-16T20:07:54.201Z

Reserved: 2025-06-18T14:00:44.548Z

Link: CVE-2025-52642

Vulnrichment

Updated: 2026-03-16T20:07:51.391Z

NVD

Status: Analyzed

Published: 2026-03-16T15:16:18.300

Modified: 2026-04-27T18:34:17.243

Link: CVE-2025-52642

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:44:20Z

Weaknesses