{"api_version":"1","generated_at":"2026-05-27T19:46:35+00:00","cve":"CVE-2025-62317","urls":{"html":"https://cve.report/CVE-2025-62317","api":"https://cve.report/api/cve/CVE-2025-62317.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-62317","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-62317"},"summary":{"title":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.","description":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.","state":"PUBLISHED","assigner":"HCL","published_at":"2026-05-14 17:16:19","updated_at":"2026-05-14 17:22:46"},"problem_types":["CWE-598","CWE-598 CWE-598: Use of HTTP Request With Sensitive Query String"],"metrics":[{"version":"3.1","source":"psirt@hcl.com","type":"Secondary","score":"2.6","severity":"LOW","vector":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"2.6","severity":"LOW","vector":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":2.6,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636","name":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636","refsource":"psirt@hcl.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-62317","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62317","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"HCL","product":"AION","version":"affected 2.1.0","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"62317","cve":"CVE-2025-62317","epss":"0.000220000","percentile":"0.066090000","score_date":"2026-05-25","updated_at":"2026-05-26 00:10:59"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"AION","vendor":"HCL","versions":[{"status":"affected","version":"2.1.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions."}],"value":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":2.6,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-598","description":"CWE-598: Use of HTTP Request With Sensitive Query String","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-14T16:13:34.907Z","orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636"}],"source":{"discovery":"UNKNOWN"},"title":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.","x_generator":{"engine":"Vulnogram 1.0.0"}}},"cveMetadata":{"assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","assignerShortName":"HCL","cveId":"CVE-2025-62317","datePublished":"2026-05-14T16:13:34.907Z","dateReserved":"2025-10-10T09:04:16.878Z","dateUpdated":"2026-05-14T16:13:34.907Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-14 17:16:19","lastModifiedDate":"2026-05-14 17:22:46","problem_types":["CWE-598","CWE-598 CWE-598: Use of HTTP Request With Sensitive Query String"],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"62317","Ordinal":"1","Title":"HCL AION is affected by a vulnerability where sensitive informat","CVE":"CVE-2025-62317","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"62317","Ordinal":"1","NoteData":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.","Type":"Description","Title":"HCL AION is affected by a vulnerability where sensitive informat"}]}}}