CVE-2025-52631

CVSS Score & Metrics

Base Score

3.7 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L                                    

Vulnerability Description

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.

Vulnerability Details

Published Date

February 03, 2026

Last Modified

February 04, 2026

CWE ID

CWE-200

Source

NVD

Vendor

HCL

Product

AION

External References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment