Security Vulnerability Report
CVE-2025-52659 CVSS 2.8 LOW

Published: 2026-01-19 18:16:04
Last Modified: 2026-04-25 18:04:34

Description

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.

CVSS Details

CVSS Score: 2.8
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:hcltech:aion:2.0.0:*:*:*:*:*:*:* - VULNERABLE
HCL AION Version 2 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import sys

import requests

# CVE-2025-52659 PoC - HCL AION Version 2 Cacheable HTTP Response
# This PoC demonstrates the vulnerability by checking for missing cache control headers


def check_cachable_response(target_url):
    """
    Check if the target URL returns cacheable HTTP responses
    """
    print(f"[*] Testing target: {target_url}")

    try:
        # Send request without browser-like headers
        response = requests.get(target_url, timeout=10)

        print(f"\n[+] Status Code: {response.status_code}")
        print(f"[+] Content-Length: {len(response.content)}")

        # Check for cache-related headers
        cache_headers = {
            'Cache-Control': response.headers.get('Cache-Control', 'NOT SET'),
            'Pragma': response.headers.get('Pragma', 'NOT SET'),
            'Expires': response.headers.get('Expires', 'NOT SET'),
            'ETag': response.headers.get('ETag', 'NOT SET'),
            'Last-Modified': response.headers.get('Last-Modified', 'NOT SET')
        }

        print("\n[*] Cache Control Headers:")
        for header, value in cache_headers.items():
            print(f"    {header}: {value}")

        # Vulnerability check logic
        vulnerable = False

        # Cache-Control: no-store is the directive that forbids storing the response
        if cache_headers['Cache-Control'] == 'NOT SET' or 'no-store' not in cache_headers['Cache-Control'].lower():
            print("\n[!] WARNING: Cache-Control header is missing or does not contain 'no-store'")
            vulnerable = True

        # Pragma is a legacy HTTP/1.0 header: report it, but do not let it change
        # the verdict, otherwise a response that sends Cache-Control: no-store
        # without Pragma would be flagged as a false positive
        if cache_headers['Pragma'] == 'NOT SET' or 'no-cache' not in cache_headers['Pragma'].lower():
            print("[!] WARNING: Pragma header is missing or does not contain 'no-cache'")

        if vulnerable:
            print("\n[!] VULNERABLE: HTTP responses may be cached by browser or proxy")
            print("[!] This could lead to information disclosure of sensitive data")
        else:
            print("\n[+] NOT VULNERABLE: Proper cache control headers are set")

        return vulnerable

    except requests.RequestException as e:
        print(f"[-] Error: {e}")
        return None


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = input("Enter target URL: ").strip()

    check_cachable_response(target)
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-52659", "sourceIdentifier": "[email protected]", "published": "2026-01-19T18:16:03.633", "lastModified": "2026-04-25T18:04:34.397", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure."}, {"lang": "es", "value": "HCL AION versión 2 está afectada por una vulnerabilidad de respuesta HTTP cacheable. Esto puede llevar al almacenamiento no intencionado de contenido sensible o dinámico, lo que podría resultar en acceso no autorizado o revelación de información."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "baseScore": 2.8, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.3, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-525"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aion:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"BEBB7E38-04AE-436B-8F21-65FF3CA3CECC"}]}]}], "references": [{"url": "https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995#", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}