PT-2026-5904 · Hcl+1 · Aion

Published 2026-02-03 · Updated 2026-02-11 · CVE-2025-52628

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HCL AION version 2.0

Description

HCL AION is susceptible to a cookie handling issue where cookies may lack proper SameSite attributes, or have insecure or improper configurations. This can allow cookies to be transmitted in unintended cross-site requests, potentially exposing the system to cross-site request forgery and similar security threats.

Recommendations

Ensure that the SameSite attribute is correctly configured for all cookies used by HCL AION version 2.0. Implement the 'Strict' or 'Lax' SameSite attribute to prevent cross-site request forgery attacks.

Related Identifiers

CVE-2025-52628

Affected Products

Aion