{"api_version":"1","generated_at":"2026-04-26T12:11:42+00:00","cve":"CVE-2025-52625","urls":{"html":"https://cve.report/CVE-2025-52625","api":"https://cve.report/api/cve/CVE-2025-52625.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-52625","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-52625"},"summary":{"title":"HCL AION is susceptible to Cacheable SSL Page Found vulnerability","description":"A vulnerability \n\nCacheable SSL Page Found vulnerability has been identified\n\n in HCL AION. \n\nCached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser\n\nThis issue affects AION: 2.0.","state":"PUBLISHED","assigner":"HCL","published_at":"2025-10-10 11:15:42","updated_at":"2026-04-25 17:58:08"},"problem_types":["CWE-525","CWE-525 CWE-525"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"psirt@hcl.com","type":"Secondary","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124444","name":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124444","refsource":"psirt@hcl.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-52625","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-52625","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"HCL","product":"AION","version":"affected 2.0","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"52625","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hcltech","cpe5":"aion","cpe6":"2.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"52625","cve":"CVE-2025-52625","epss":"0.000320000","percentile":"0.091190000","score_date":"2026-04-25","updated_at":"2026-04-26 00:00:19"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-52625","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-10-10T15:51:19.546453Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-10-10T15:51:43.666Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"AION","vendor":"HCL","versions":[{"status":"affected","version":"2.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A vulnerability&nbsp;\n\nCacheable SSL Page Found vulnerability has been identified\n\n in HCL AION.&nbsp;\n\nCached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser\n\n<p>This issue affects AION: 2.0.</p>"}],"value":"A vulnerability \n\nCacheable SSL Page Found vulnerability has been identified\n\n in HCL AION. \n\nCached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser\n\nThis issue affects AION: 2.0."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-525","description":"CWE-525","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-10T10:28:53.219Z","orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124444"}],"source":{"discovery":"UNKNOWN"},"title":"HCL AION is susceptible to Cacheable SSL Page Found vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","assignerShortName":"HCL","cveId":"CVE-2025-52625","datePublished":"2025-10-10T10:28:53.219Z","dateReserved":"2025-06-18T14:00:41.703Z","dateUpdated":"2025-10-10T15:51:43.666Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2025-10-10 11:15:42","lastModifiedDate":"2026-04-25 17:58:08","problem_types":["CWE-525","CWE-525 CWE-525"],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:aion:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"BEBB7E38-04AE-436B-8F21-65FF3CA3CECC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"52625","Ordinal":"1","Title":"HCL AION is susceptible to Cacheable SSL Page Found vulnerabilit","CVE":"CVE-2025-52625","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"52625","Ordinal":"1","NoteData":"A vulnerability \n\nCacheable SSL Page Found vulnerability has been identified\n\n in HCL AION. \n\nCached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser\n\nThis issue affects AION: 2.0.","Type":"Description","Title":"HCL AION is susceptible to Cacheable SSL Page Found vulnerabilit"}]}}}