CVE-2025-62312

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication

CVSS 3 LOWEPSS 0.1%CWE-522

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices.

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Affected products

HCL · AION

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636