Cyber Resilience

CVE-2025-52626

Medium

Published: 03 February 2026

Modified: 25 April 2026
KEV Added
Patch
CVSS Score v3.1: 4.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0058 (43.3th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2025-52626 is a medium-severity OS Command Injection (CWE-78) vulnerability in Hcltech Aion. Its CVSS base score is 4.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks at the 43.3th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-52626 is a potential command injection vulnerability (CWE-78) in HCL AION version 2.0. It enables unintended command execution, which could lead to unauthorized actions on the underlying system. The vulnerability received a CVSS v3.1 base score of 4.5 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-02-03.

Exploitation requires local access (AV:L), high attack complexity (AC:H), and low privileges (PR:L), with no user interaction needed (UI:N) and unchanged scope (S:U). A local low-privileged attacker could potentially inject commands to achieve low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), such as limited unauthorized system actions.

For mitigation details, refer to the HCL advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972.

Vulnerability details

A potential command injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Local OS command injection (CWE-78) directly enables arbitrary command execution on the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-52660 (Same product: Hcltech Aion)
CVE-2025-55251 (Same product: Hcltech Aion)
CVE-2025-52628 (Same product: Hcltech Aion)
CVE-2025-52644 (Same product: Hcltech Aion)
CVE-2025-52627 (Same product: Hcltech Aion)
CVE-2025-52659 (Same product: Hcltech Aion)
CVE-2025-55252 (Same product: Hcltech Aion)
CVE-2025-52636 (Same product: Hcltech Aion)
CVE-2025-52631 (Same product: Hcltech Aion)
CVE-2025-52643 (Same product: Hcltech Aion)

Affected Assets

Vendor: hcltech · Product: aion · Version: 2.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires validation of inputs to block command injection strings before they reach the underlying OS in AION 2.0.

Prevent: Limits privileges of the low-privileged local account so any successful command injection yields only minimal impact on the system.

Prevent: Restricts unnecessary shell interpreters and commands on the host, reducing the attack surface available for injected commands in AION.
