Input Field Vulnerability in HCL AION Product
CVE-2025-62309

2.6LOW

Key Information:

Vendor: HCL Software
Status: Aion
Vendor: CVE Published:; 14 May 2026

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-62309?

HCL AION has a vulnerability related to the auto-complete functionality enabled for certain input fields. This flaw may inadvertently allow sensitive information to be stored in the browser, posing a risk of unintended exposure of personal data when users interact with these fields under particular conditions. To mitigate potential risks, users are advised to disable auto-complete features for sensitive inputs and stay updated on product patches and security recommendations.

Affected Version(s)

AION 2.1.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Oct 10, 2025

CVE-2025-62309 Data

JSON