Cyber Resilience

CVE-2025-52627

Medium

Published: 03 February 2026
Modified: 25 April 2026
KEV Added: not listed
Patch: (none listed)
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N)
EPSS Score: 0.0006 (18.2nd percentile)
Risk Priority: 11 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-52627 is a medium-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Hcltech Aion. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Linux and Mac Permissions (T1222.002). The CVE ranks at the 18.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-2 (Baseline Configuration) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-52627 is a configuration vulnerability in which the root file system is not mounted as read-only, allowing unintended modifications to critical system files and potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION version 2.0 and is associated with CWE-732 (Incorrect Permission Assignment for Critical Resource). The vulnerability has a CVSS v3.1 base score of 5.5, reflecting medium severity.

Exploitation requires physical access to the system (AV:P), high attack complexity (AC:H), low privileges (PR:L), and user interaction (UI:R), with an unchanged impact scope (S:U). A successful attacker could achieve high confidentiality (C:H) and integrity (I:H) impacts, such as unauthorized reading or modification of sensitive data, but with no availability impact (A:N).

HCL Software has published a knowledge base article (KB0127972) addressing this vulnerability, available at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972, which likely provides guidance on mitigation or remediation steps.


Vulnerability details

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1222.002 Linux and Mac Permissions (Defense Impairment)
Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.
Why these techniques?

A root filesystem mounted read-write rather than read-only directly enables unauthorized modification of critical files through incorrect permissions (CWE-732), which maps to T1222.002.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-52644 (same product: Hcltech Aion)
CVE-2025-55252 (same product: Hcltech Aion)
CVE-2025-52626 (same product: Hcltech Aion)
CVE-2025-52631 (same product: Hcltech Aion)
CVE-2025-52660 (same product: Hcltech Aion)
CVE-2025-52659 (same product: Hcltech Aion)
CVE-2025-55251 (same product: Hcltech Aion)
CVE-2025-52643 (same product: Hcltech Aion)
CVE-2025-52636 (same product: Hcltech Aion)
CVE-2025-52628 (same product: Hcltech Aion)

Affected Assets

Vendor: hcltech · Product: aion · Version: 2.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly requires establishing and enforcing the read-only root filesystem mount option that the CVE shows was missing.

prevent: Mandates a secure baseline configuration that must include read-only mounting of the root filesystem to prevent unauthorized modifications.

prevent: Enforces access restrictions on critical system files via the filesystem mount, directly mitigating the unauthorized modification path described in the CVE.
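The controls above all come down to one verifiable setting: the root filesystem must carry the `ro` mount option. The following POSIX shell check is an added example, not code from the advisory, from HCL, or from the AION product. It reads mount-table text in the six-field `/proc/mounts` and `/etc/fstab` format (device, mount point, type, options, dump, pass), finds the entry for `/`, and reports whether it is mounted read-only; the function names and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the advisory or of the AION product): verify the
# baseline setting behind CVE-2025-52627, a root filesystem mounted read-only.

# root_mount_opts: print the option field of the entry whose mount point is "/".
# Reads /proc/mounts- or /etc/fstab-format text on stdin; comment lines are skipped.
root_mount_opts() {
    awk '$1 !~ /^#/ && $2 == "/" { opts = $4 } END { print opts }'
}

# has_opt OPTS OPT: succeed if the comma-separated list OPTS contains exactly OPT.
# Exact matching matters: "errors=remount-ro" must not be mistaken for "ro".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# root_is_readonly: succeed (0) when the "/" entry carries the "ro" option,
# fail (1) when it is read-write or absent. Input on stdin.
root_is_readonly() {
    opts=$(root_mount_opts)
    [ -n "$opts" ] && has_opt "$opts" ro
}

# check_root_ro: human-readable report on stdin mount text.
# Exit status: 0 = read-only, 1 = read-write (finding), 2 = no entry for "/".
check_root_ro() {
    opts=$(root_mount_opts)
    if [ -z "$opts" ]; then
        echo "no entry for / found"
        return 2
    elif has_opt "$opts" ro; then
        echo "OK: / is mounted read-only ($opts)"
        return 0
    else
        echo "FINDING: / is mounted read-write ($opts); CWE-732 exposure"
        return 1
    fi
}

# Constructed sample mount tables (not captured from an AION system).
SAMPLE_RW='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda1 /boot ext4 ro,relatime 0 0'

SAMPLE_RO='/dev/sda2 / ext4 ro,relatime 0 0
tmpfs /var/log tmpfs rw,nosuid,nodev 0 0'

# Demonstration on the constructed samples; on a live host use
#   check_root_ro < /proc/mounts      (current state)
#   check_root_ro < /etc/fstab        (persistent configuration)
printf '%s\n' "$SAMPLE_RO" | check_root_ro || true
printf '%s\n' "$SAMPLE_RW" | check_root_ro || true
```

Running it against `/proc/mounts` tells you what the system is doing now; running it against `/etc/fstab` tells you whether the setting survives a reboot, which is the baseline-configuration point of CM-2 and CM-6. A host that passes the first check but fails the second has been remounted read-only by hand and will regress.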
