Description
HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system
Published: 2026-03-16
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Integrity Compromise
Action: Patch
AI Analysis

Impact

AION allows the use of images that lack digital signatures, enabling an attacker to deliver an unverified or modified image and potentially alter system behavior. The vulnerability is cataloged as CWE-347 and can result in the compromise of platform integrity.

Affected Systems

The affected product is HCL AION. No specific version information is disclosed, so all installations of AION may be affected until a vendor update is released.

Risk and Exploitability

The CVSS base score of 4.8 indicates a moderate level of severity, while the EPSS score of under 1% suggests a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector involves supplying an unsigned or tampered image, inferred from the nature of the flaw as the data does not explicitly describe a specific attack method.

Generated by OpenCVE AI on March 27, 2026 at 18:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest patch or update released by HCL for AION.
  • Enforce signature verification for all images before deployment to ensure only signed images are used.
  • Audit existing images for missing signatures and replace any that are unsigned.
  • Monitor HCL support channels and knowledge base for subsequent advisories on this issue.

Generated by OpenCVE AI on March 27, 2026 at 18:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aion
Vendors & Products Hcltech
Hcltech aion

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title HCL AION Unsigned Image Vulnerability Leading to Integrity Compromise

Fri, 27 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aion
CPEs cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*
Vendors & Products Hcl
Hcl aion

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title HCL AION Unsigned Image Vulnerability Leading to Integrity Compromise

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L'}

Subscriptions

Hcl Aion
Hcltech Aion
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-16T14:44:03.534Z

Reserved: 2025-06-18T14:00:44.549Z

Link: CVE-2025-52648

cve-icon Vulnrichment

Updated: 2026-03-16T14:43:55.318Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:17:59.743

Modified: 2026-03-27T17:25:33.883

Link: CVE-2025-52648

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T08:00:22Z

Weaknesses