CVE-2025-52629 - Vulnerability Details - OpenCVE

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltech	Aion

No data.

No data.

References

Link	Providers
https://www.spirityenterprise.com/virtual-ciso
https://www.spirityenterprise.com/pentest
https://www.spirityenterprise.com/managed-detection-response
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

History

Wed, 04 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltech Hcltech aion
Vendors & Products		Hcltech Hcltech aion

Tue, 03 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 03 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.
Title		HCL AION is susceptible to Missing Content-Security-Policy
Weaknesses		CWE-1032
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972
Metrics		cvssV3_1 `{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2026-02-03T17:54:44.662Z

Updated: 2026-02-03T18:58:35.883Z

Reserved: 2025-06-18T14:00:41.704Z

Link: CVE-2025-52629

Vulnrichment

Updated: 2026-02-03T18:58:07.688Z

NVD

Status : Awaiting Analysis

Published: 2026-02-03T18:16:13.257

Modified: 2026-02-04T16:34:21.763

Link: CVE-2025-52629

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52629", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:00:41.704Z", "datePublished": "2026-02-03T17:54:44.662Z", "dateUpdated": "2026-02-03T18:58:35.883Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AION", "vendor": "HCL", "versions": [{"status": "affected", "version": "2.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HCL AION is susceptible to Missing Content-Security-Policy. \n\nAn The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.<p></p>"}], "value": "HCL AION is susceptible to Missing Content-Security-Policy.\u00a0\n\nAn The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1032", "description": "CWE-1032", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-02-03T17:54:44.662Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL AION is susceptible to Missing Content-Security-Policy", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T18:58:04.870465Z", "id": "CVE-2025-52629", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T18:58:35.883Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52629", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T18:58:04.870465Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T18:58:07.688Z"}}], "cna": {"title": "HCL AION is susceptible to Missing Content-Security-Policy", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL", "product": "AION", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL AION is susceptible to Missing Content-Security-Policy.\u00a0\n\nAn The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.", "supportingMedia": [{"type": "text/html", "value": "HCL AION is susceptible to Missing Content-Security-Policy. \n\nAn The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1032", "description": "CWE-1032"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-02-03T17:54:44.662Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52629", "state": "PUBLISHED", "dateUpdated": "2026-02-03T18:58:35.883Z", "dateReserved": "2025-06-18T14:00:41.704Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-02-03T17:54:44.662Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}