HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.
Summary
| CVE | CVE-2025-62317 |
|---|---|
| State | PUBLISHED |
| Assigner | HCL |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-14 17:16:19 UTC |
| Updated | 2026-05-14 17:22:46 UTC |
| Description | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions. |
Risk And Classification
Primary CVSS: v3.1 2.6 LOW from [email protected]
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
EPSS: 0.000220000 probability, percentile 0.066090000 (date 2026-05-25)
Problem Types: CWE-598: Use of HTTP Request With Sensitive Query String
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 2.6 | LOW | CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N |
| 3.1 | CNA | CVSS | 2.6 | LOW | CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Adjacent |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity | None |
| Availability | None |
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.hcl-software.com/csm | [email protected] | support.hcl-software.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.