Container Authentication Flaw in HCL AION
CVE-2025-52638

5.6MEDIUM

Key Information:

Vendor: HCL Software
Status: Aion
Vendor: CVE Published:; 16 March 2026

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-52638?

HCL AION is vulnerable due to improper authentication of container base images, enabling the usage of untrusted images. This vulnerability can result in unintended system behavior and poses significant security risks by allowing malicious entities to execute potentially harmful code within the environment. It emphasizes the importance of verifying the source of container images to maintain the integrity of applications.

Affected Version(s)

AION 2.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Jun 18, 2025

CVE-2025-52638 Data

JSON