CVE-2025-52645

Description

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.

CVSS Details

CVSS Score

1.9

Severity

LOW

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:* - VULNERABLE

HCL AION < 2.0.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

暂无公开的PoC代码

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-52645
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-52645
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-52645/
[4] VulDB https://vuldb.com/cve/CVE-2025-52645
[5] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-52645", "sourceIdentifier": "[email protected]", "published": "2026-03-16T15:16:18.707", "lastModified": "2026-04-25T18:04:19.093", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour."}, {"lang": "es", "value": "HCL AION está afectado por una vulnerabilidad donde los mecanismos de empaquetado y distribución de modelos podrían no incluir suficiente verificación de autenticidad. Esto podría permitir la posibilidad de que se utilicen artefactos de modelo no verificados o modificados, lo que podría llevar a problemas de integridad o a un comportamiento no deseado."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.5, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-345"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.1.2", "matchCriteriaId": "1AD0DD06-7840-4FFE-8BCF-1B94410B237D"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}