CVE-2025-52626
Published: 03 February 2026
Summary
CVE-2025-52626 is a medium-severity OS Command Injection (CWE-78) vulnerability in Hcltech Aion. Its CVSS base score is 4.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); it is ranked at the 43.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-52626 is a potential command injection vulnerability (CWE-78) in HCL AION version 2.0. It enables unintended command execution, which could lead to unauthorized actions on the underlying system. The vulnerability received a CVSS v3.1 base score of 4.5 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-02-03.
Exploitation requires local access (AV:L), high attack complexity (AC:H), and low privileges (PR:L), with no user interaction needed (UI:N) and unchanged scope (S:U). A local low-privileged attacker could potentially inject commands to achieve low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), such as limited unauthorized system actions.
For mitigation details, refer to the HCL advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206678
Vulnerability details
A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local OS command injection (CWE-78) directly enables arbitrary command execution on the host.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of inputs to block command injection strings before they reach the underlying OS in AION 2.0.
- AC-6 (Least Privilege): Limits privileges of the low-privileged local account so any successful command injection yields only minimal impact on the system.
- Restricts unnecessary shell interpreters and commands on the host, reducing the attack surface available for injected commands in AION.
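The input-validation control above (SI-10) is the one a developer can act on directly. The following Python is an added, generic illustration of the two layers that control implies for any CWE-78 fix; it is not code from the HCL advisory, not AION's code, and says nothing about how AION invokes commands. The tool name `resolver` and the hostname allowlist are assumptions made for the example; `echo` stands in for the real tool so it runs anywhere.

```python
import re
import subprocess

# Allowlist for a hostname-style parameter (constructed policy for this
# example): letters, digits, hyphens and dots only, so shell metacharacters
# such as ; | & $ ( ) ` can never reach a command line.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")

# Characters a POSIX shell interprets; used for logging/detection only.
SHELL_METACHARS = re.compile(r"[;&|`$()<>\n\\\"']")


def contains_shell_metachars(value: str) -> bool:
    """Detection helper: flag a parameter that a shell would treat specially."""
    return SHELL_METACHARS.search(value) is not None


def validate_hostname(value: str) -> str:
    """SI-10 style validation: reject anything outside the allowlist."""
    if not HOSTNAME_RE.fullmatch(value):
        raise ValueError(f"rejected hostname parameter: {value!r}")
    return value


def unsafe_command_line(host: str) -> str:
    """The CWE-78 pattern: untrusted input concatenated into a shell string.
    Returned for inspection only; this example never executes it."""
    return "resolver --host " + host


def safe_argv(host: str) -> list[str]:
    """Hardened form: validated input placed in an argv list that no shell parses.
    'resolver' is a hypothetical tool name."""
    return ["resolver", "--host", validate_hostname(host)]


def run_lookup(host: str) -> str:
    """Execute the hardened form. `echo` replaces the hypothetical resolver so
    the example runs offline; shell=False hands argv straight to execve."""
    argv = ["echo", "resolving"] + safe_argv(host)[2:]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout.strip()


def run_argv_literal(arg: str) -> str:
    """Second layer on its own: even with validation skipped, an argv element is
    passed verbatim, so `$(...)`, `;` or `|` inside it are never interpreted."""
    result = subprocess.run(["echo", arg], capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    print(run_lookup("example.com"))
    print(unsafe_command_line("example.com; id"))   # what a shell would have been handed
    print(run_argv_literal("example.com; id"))      # echoed back literally, not executed
    try:
        run_lookup("example.com; id")
    except ValueError as exc:
        print("blocked:", exc)
```

The two layers are independent: the allowlist stops malformed parameters at the boundary (and `contains_shell_metachars` gives a cheap signal to log when that happens), while the argv form guarantees that a parameter that does slip through is still only data to the child process. AC-6 then bounds what the process could do if both layers failed.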