Description
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.
Published: 2026-05-14
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in HCL AION is triggered when certain operations cause out-of-band interactions that can lead to unintended exposure of sensitive information. This flaw aligns with CWE-201, indicating the application may act as a conduit for communicating data to external systems. The description states that data could be disclosed to external systems under specific conditions, thereby potentially compromising confidentiality.

Affected Systems

HCL AION is the only product identified as affected. No specific version details are provided, meaning any deployment of this product could be susceptible until a patched or mitigated release becomes available.

Risk and Exploitability

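The CVSS score of 5.1 rates the vulnerability as medium severity, emphasizing a confidentiality impact. The recorded CVSS 3.1 vector (CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L) specifies adjacent-network access, high attack complexity, low privileges and required user interaction, with a changed scope and low confidentiality, integrity and availability impact. EPSS information is not available, leaving the probability of exploitation uncertain. The fault appears to rely on the application initiating out-of-band connections, so exploitation is inferred to involve an external system and to depend on certain operations being performed. The flaw is not listed in CISA KEV, suggesting that known, widespread exploitation has not yet been reported.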

Generated by OpenCVE AI on May 14, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑provided patch or update for HCL AION that addresses the out‑of‑band interaction flaw.
  • Restrict or disable configuration settings that enable external outbound communication when not required.
  • Monitor outbound network traffic for anomalous external connections and investigate any unexpected data transfers.



Advisories

No advisories yet.

History

Thu, 14 May 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 May 2026 18:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hcl; Hcl aion
Vendors & Products | | Hcl; Hcl aion

Thu, 14 May 2026 17:00:00 +0000

Type | Values Removed | Values Added
Description | | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.
Title | | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions
Weaknesses | | CWE-201
References | |
Metrics | | cvssV3_1 {'score': 5.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-14T18:32:11.208Z

Reserved: 2025-10-10T09:04:02.284Z

Link: CVE-2025-62305

Vulnrichment

Updated: 2026-05-14T18:32:05.376Z

NVD

Status: Deferred

Published: 2026-05-14T17:16:16.307

Modified: 2026-05-14T17:22:46.577

Link: CVE-2025-62305

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T18:30:26Z

Weaknesses