Predictable Identifier Vulnerability in HCL AION by HCL Software
CVE-2025-52649

1.8LOW

Key Information:

Vendor: HCL Software
Status: Aion
Vendor: CVE Published:; 16 March 2026

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-52649?

HCL AION has been identified with a vulnerability arising from certain identifiers being predictable in nature. This predictability can enable attackers to infer or guess system-generated values, which may lead to limited information disclosure or unintended access in specific scenarios. Such vulnerabilities can compromise the integrity of data and threaten the overall security of the system, highlighting the need for robust identifier generation mechanisms.

Affected Version(s)

AION 2.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

1.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Jun 18, 2025

CVE-2025-52649 Data

JSON