PT-2026-3469 · Hcl · Hcl Aion Version 2
Published: 2026-01-19 · Updated: 2026-01-19 · CVE-2025-52661
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HCL AION version 2
Description
HCL AION version 2 is susceptible to a "JWT Token Expiry Too Long" issue. This could elevate the risk of token misuse, potentially leading to unauthorized access if a token is compromised. The JWT (JSON Web Token) standard is used for securely transmitting information between parties as a JSON object. A long expiry time increases the window of opportunity for malicious actors to exploit a compromised token.
Recommendations
Ensure the JWT token expiry time is appropriately configured to minimize the risk of unauthorized access.
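One way to check issued tokens against an expiry policy, as an added example that is not from this advisory or from HCL. The 15-minute ceiling, the function names and the sample token are assumptions made for illustration; the advisory states no specific value.

```python
import base64
import json
import time

MAX_LIFETIME_S = 15 * 60  # assumed policy ceiling; the advisory gives no number

def _is_num(value) -> bool:
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def audit_jwt_lifetime(token, now=None, max_lifetime_s=MAX_LIFETIME_S):
    """Return a list of expiry-policy findings for a JWT (empty list = OK).
    Audit helper only: the signature is NOT verified, so this must never
    be used to decide whether a token is authentic.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed: expected header.payload.signature"]
    try:
        # JWT segments are base64url with the padding stripped; restore it.
        payload = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["malformed: payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["malformed: payload is not a JSON object"]
    exp, iat = claims.get("exp"), claims.get("iat")
    if not _is_num(exp):
        return ["no usable exp claim: token never expires"]
    findings = []
    if not _is_num(iat):
        findings.append("no iat claim: issued lifetime cannot be checked")
    elif exp - iat > max_lifetime_s:
        findings.append(f"issued lifetime {exp - iat:.0f}s exceeds {max_lifetime_s}s")
    if exp - now > max_lifetime_s:
        findings.append(f"still valid for {exp - now:.0f}s, over {max_lifetime_s}s")
    return findings

def make_sample_token(claims):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "constructed-sig"])

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time
    tok = make_sample_token({"sub": "demo", "iat": t0, "exp": t0 + 30 * 86400})
    print(audit_jwt_lifetime(tok, now=t0))
```

Run it over tokens captured from a test login to confirm that a shortened expiry setting has actually taken effect.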
Fix
Insufficient Session Expiration
Affected Products
Hcl Aion Version 2