Security Vulnerability Report
CVE-2025-52638 CVSS 5.6 MEDIUM

CVE-2025-52638

Published: 2026-03-16 14:18:00
Last Modified: 2026-03-27 17:27:24

Description

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible.

CVSS Details

CVSS Score
5.6
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:* - VULNERABLE
HCL AION < fixed version (the vendor has not yet published a specific version number)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-52638 PoC - check whether the container is running with root privileges
# Usage: python poc.py
import os
import subprocess


def check_container_root_privilege():
    """
    Check if this process (and therefore the container it runs in) has root privileges.
    This PoC demonstrates the vulnerability in HCL AION.
    """
    print("[*] Checking HCL AION container privileges...")
    # Check current user ID in container
    uid = os.getuid()
    euid = os.geteuid()
    print(f"[+] Current UID: {uid}")
    print(f"[+] Effective UID: {euid}")
    if uid == 0 or euid == 0:
        print("[!] VULNERABLE: Container is running as root!")
        print("[!] This indicates CVE-2025-52638 is present")
        return True
    print("[+] SAFE: Container is running as non-root user")
    return False


def check_hcl_aion_containers():
    """
    List HCL AION related containers and check their privilege status.
    """
    try:
        result = subprocess.run(
            ['docker', 'ps', '--filter', 'name=aion',
             '--format', '{{.Names}}:{{.Image}}'],
            capture_output=True, text=True, check=True
        )
        containers = result.stdout.strip().split('\n')
        for container in containers:
            if not container:
                continue
            # Split only on the first ':' because image references usually
            # carry a tag of their own (e.g. aion:2.0), which would otherwise
            # break the two-value unpacking.
            name, image = container.split(':', 1)
            print(f"[*] Found AION container: {name} (Image: {image})")
            # Check which user the container's processes run as
            user_result = subprocess.run(
                ['docker', 'exec', name, 'id'],
                capture_output=True, text=True
            )
            print(f"[+] Container user: {user_result.stdout.strip()}")
    except Exception as e:
        print(f"[-] Error checking containers: {e}")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-52638 PoC - HCL AION Container Root Privilege Check")
    print("=" * 60)
    is_vulnerable = check_container_root_privilege()
    check_hcl_aion_containers()
    if is_vulnerable:
        print("\n[!] Recommendation: Reconfigure container to run as non-root user")
        print("[!] Add 'USER' instruction in Dockerfile or use gosu/sudo")
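The PoC above only tells you about root after a container is already running. As an added example that is not part of the advisory or of HCL's code, the helpers below audit the same root-execution pattern offline, in a Dockerfile (does the final stage ever switch away from root?) and in `docker inspect` output (is `Config.User` empty or root?); the Dockerfiles, container names and inspect records are constructed samples.

```python
import json

# Constructed samples (not from HCL or the advisory): a Dockerfile that inherits the
# base image's default root user, and one that creates and switches to a service user.
WEAK_DOCKERFILE = """FROM python:3.12-slim
COPY app /app
CMD ["python", "/app/main.py"]
"""
HARDENED_DOCKERFILE = """FROM python:3.12-slim
RUN useradd --system --uid 10001 aion
COPY --chown=aion:aion app /app
USER aion
CMD ["python", "/app/main.py"]
"""
# Constructed, trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/aion-worker", "Config": {"User": ""}, "HostConfig": {"Privileged": False}},
    {"Name": "/aion-api", "Config": {"User": "1001:1001"}, "HostConfig": {"Privileged": False}},
])
ROOT_NAMES = {"", "0", "root"}   # empty User means "image default", which is root


def effective_user(dockerfile: str) -> str:
    """User the final image stage runs as; "" means it falls back to root. Each FROM
    starts a new stage as root, so a USER line in an earlier build stage does not count."""
    user = ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword.upper() == "FROM":
            user = ""
        elif keyword.upper() == "USER":
            user = rest.strip()
    return user


def dockerfile_runs_as_root(dockerfile: str) -> bool:
    return effective_user(dockerfile).split(":")[0].lower() in ROOT_NAMES


def audit_inspect(inspect_json: str) -> list:
    """Findings per container from `docker inspect` JSON (a list of objects)."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        user = (c.get("Config") or {}).get("User") or ""
        if user.split(":")[0].lower() in ROOT_NAMES:
            findings.append(f"{name}: runs as root (Config.User={user!r})")
        if (c.get("HostConfig") or {}).get("Privileged"):
            findings.append(f"{name}: --privileged set; root inside is close to root on the host")
    return findings
```

Run `audit_inspect` on the real output of `docker inspect $(docker ps -q --filter name=aion)` to get the same findings for live containers.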

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-52638", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:17:59.610", "lastModified": "2026-03-27T17:27:23.670", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible."}, {"lang": "es", "value": "HCL AION se ve afectado por una vulnerabilidad donde las imágenes base de los contenedores no se autentican correctamente. Esto puede exponer el sistema a riesgos de seguridad potenciales, como el uso de imágenes de contenedor no confiables, lo que podría llevar a un comportamiento no deseado o a un impacto en la seguridad."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "baseScore": 5.6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.3, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-345"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0", "versionEndExcluding": "2.1.2", "matchCriteriaId": "43DEFA2D-ED07-4867-BC69-DD77EABA83B0"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}