CVE-2025-52648

low-risk

Published 2026-03-16

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.8/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Aion

Affected Vendors

Hcl

References (1)

Vendor Advisory https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal