CVE-2025-52631HIGH 8.1EPSS p9.8%

CVE-2025-52631CVE-2025-52631

Description

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.20% probability of exploitation · percentile 9.8% · 2026-06-18T12:00:27Z
Published2026-02-03
Last modified2026-04-27

Underlying weaknesses· 1

CWE-200

References

  1. https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-2000%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-52628
CVE
CVE-2025-52635
CVE
CVE-2025-52626
CVE
CVE-2025-52648
CVE
CVE-2025-55251
CVE
CVE-2025-52660
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.