Image Integrity Issue in HCL AION Software
CVE-2025-52648

4.8MEDIUM

Key Information:

Vendor: HCL Software
Status: Aion
Vendor: CVE Published:; 16 March 2026

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-52648?

HCL AION is susceptible to a vulnerability due to the absence of digital signing for offering images. This lack of image verification can result in the deployment of unverified or potentially tampered images, raising significant concerns about system integrity and unintended behavioral changes. Organizations utilizing HCL AION should take immediate steps to mitigate risks associated with this vulnerability and consider implementing stringent image verification mechanisms.

Affected Version(s)

AION 2.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Jun 18, 2025

CVE-2025-52648 Data

JSON