CVE-2025-52631

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HCL AION version 2.0

Description HCL AION is susceptible to a missing or insecure HTTP Strict-Transport-Security (HSTS) header. This can permit insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.

Recommendations Ensure that a secure HSTS header is implemented and configured correctly for HCL AION version 2.0.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-52631

Affected Products

Aion

CVE-2025-52631

Weakness Enumeration

Related Identifiers

Affected Products

References · 5