CVE-2025-62312 PUBLISHED

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication

Assigner: HCL
Reserved: 10.10.2025 Published: 14.05.2026 Updated: 14.05.2026

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CVSS Score: 3

Attack Vector	Adjacent Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	HCL
Product	AION
Versions	Default: unaffected Version 2.1.0 is affected

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636

Problem Types

CWE-522: Insufficiently Protected Credentials CWE