Description
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.
Published: 2026-03-16
Score: 1.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Integrity Compromise
Action: Patch Now
AI Analysis

Impact

HCL AION has a flaw where the model packaging and distribution mechanisms may lack sufficient authenticity verification. This weakness can allow unverified or altered model artifacts to be deployed, potentially causing integrity issues or unintended behaviour in the AI system. The vulnerability is classified under CWE-345, which involves data or code that is not properly validated before use.

Affected Systems

Affected vendor and product: HCL AION. No specific version information is provided in the available data, so all releases of HCL AION are potentially impacted until the vendor releases a mitigation.

Risk and Exploitability

The CVSS score of 1.9 indicates a low severity. The EPSS score is below 1% and the vulnerability is not listed in CISA’s KEV catalog, suggesting a low likelihood of exploitation. The attack vector is not explicitly described in the source data; based on the description it is inferred that successful exploitation would likely require access to the model packaging or distribution pipeline, or the ability to replace model artifacts in deployment. Consequently, the practical risk to most users is limited unless such access is available.

Generated by OpenCVE AI on March 18, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact HCL Support for an official patch or update
  • Verify digital signatures or integrity checks on all model artifacts before deployment
  • Implement monitoring to detect unauthorized changes to deployed models
  • Apply any available vendor recommendations for additional safeguards



Advisories

No advisories yet.

History

Wed, 18 Mar 2026 20:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*

Tue, 17 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hcltech; Hcltech aion
Vendors & Products | | Hcltech; Hcltech aion

Mon, 16 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-345
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.
Title | | HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.
References | |
Metrics | | cvssV3_1: {'score': 1.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-16T20:14:12.826Z

Reserved: 2025-06-18T14:00:44.549Z

Link: CVE-2025-52645

Vulnrichment

Updated: 2026-03-16T20:14:09.304Z

NVD

Status: Analyzed

Published: 2026-03-16T15:16:18.707

Modified: 2026-04-25T18:04:19.093

Link: CVE-2025-52645

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:44:22Z
