Inline Script Execution Vulnerability in HCL AION
CVE-2025-52650

8.2HIGH

Key Information:

Vendor: HCL Software
Status: HCL Software Aion
Vendor: CVE Published:; 10 October 2025

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-52650?

A vulnerability has been discovered in HCL AION v2.0 that permits the execution of inline scripts, potentially leading to unauthorized access and manipulation of sensitive data. This flaw arises from inadequate protections within the Content Security Policy (CSP), allowing attackers to exploit the vulnerability and execute scripts in the context of the user's browser. Implementing effective CSP rules and keeping HCL AION updated are crucial steps in mitigating the risk associated with this vulnerability.

Affected Version(s)

HCL AION 2.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Jun 18, 2025

JSON