{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52637", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:00:43.106Z", "datePublished": "2026-03-16T12:27:48.222Z", "dateUpdated": "2026-03-16T14:54:07.756Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-16T12:37:35.513Z"}, "title": "Multiple security vulnerabilities affect HCL AION", "affected": [{"vendor": "HCL", "product": "AION", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 4.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T14:54:03.296742Z", "id": "CVE-2025-52637", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:54:07.756Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52637", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:54:03.296742Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:53:57.945Z"}}], "cna": {"title": "Multiple security vulnerabilities affect HCL AION", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL", "product": "AION", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.", "supportingMedia": [{"type": "text/html", "value": "HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.", "base64": false}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-16T12:37:35.513Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52637", "state": "PUBLISHED", "dateUpdated": "2026-03-16T14:54:07.756Z", "dateReserved": "2025-06-18T14:00:43.106Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-03-16T12:27:48.222Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*", "matchCriteriaId": "43DEFA2D-ED07-4867-BC69-DD77EABA83B0", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions."}, {"lang": "es", "value": "HCL AION se ve afectado por una vulnerabilidad donde ciertas configuraciones de la oferta pueden permitir la ejecuci\u00f3n de consultas SQL potencialmente da\u00f1inas. Una validaci\u00f3n o restricciones inadecuadas en la ejecuci\u00f3n de consultas podr\u00edan exponer el sistema a interacciones no deseadas con la base de datos o a una exposici\u00f3n limitada de informaci\u00f3n bajo condiciones espec\u00edficas."}], "id": "CVE-2025-52637", "lastModified": "2026-03-27T17:31:23.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.4, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T14:17:59.457", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 80.0, "source": "matching"}]}, "original": {"product": "AION", "source": "cna", "vendor": "HCL"}, "product": "aion", "vendor": "hcltech"}], "analysis": {"en": {"generated_at": "2026-03-27T18:28:59.039808+00:00", "value": {"mitigation_remediation": ["Check for and apply any available HCL AION patch or update that addresses this SQL injection issue.", "Review and tighten configuration options that permit arbitrary SQL execution, ensuring only safe and whitelisted queries can run.", "Validate all inputs that influence query construction and avoid direct user input in SQL without sanitization.", "Use a database account with the least privileges necessary for the application to run.", "Enable logging and monitor for suspicious query activity to detect potential exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Data Exposure via SQL Injection"}, "threat_synthesis": {"affected_systems": "HCL AION is the affected product. No specific product versions are listed in the CNA data, so all installations of HCL AION are potentially vulnerable unless otherwise patched by HCL. No other vendors or products are named.", "description_and_impact": "The vulnerability allows certain configurations within HCL AION to execute arbitrary SQL queries. If an attacker can influence these configurations, they could cause unintended database interactions, potentially leaking sensitive data or executing harmful queries. The weakness is a classic SQL injection flaw that could compromise confidentiality and integrity. The impact is limited to the data exposed by the compromised queries rather than complete system takeover.", "risk_and_exploitability": "The CVSS score is 4.5, indicating moderate severity, and the EPSS score is below 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Likely attack vectors require the attacker to modify or input configuration settings that enable the execution of arbitrary SQL, which could be through internal users, compromised accounts, or improperly secured configuration interfaces. This information is inferred from the description; specific exploitation steps are not detailed."}}}}, "created": "2026-03-24T10:44:37.224539+00:00", "updated": "2026-03-30T08:00:24.505693+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$aion"]}