Cyber Resilience

CVE-2025-52637

Medium

Published: 16 March 2026
Modified: 27 March 2026
KEV Added: not listed
CVSS Score (v3.1): 4.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0008 (23.9th percentile)
Risk Priority: 9 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-52637 is a medium-severity SQL Injection (CWE-89) vulnerability in HCL AION. Its CVSS v3.1 base score is 4.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score ranks at the 23.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-52637 is a vulnerability in HCL AION that allows execution of potentially harmful SQL queries in certain offering configurations because query execution is not adequately validated or restricted. The issue, classified under CWE-89 (SQL Injection), could lead to unintended database interactions or limited information exposure under specific conditions. It has a CVSS v3.1 base score of 4.5 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-03-16.

The attack requires local access (AV:L) and low privileges (PR:L), has high attack complexity (AC:H), and needs no user interaction (UI:N). A successful attacker obtains low impact on confidentiality (C:L), integrity (I:L), and availability (A:L): limited information exposure, limited data modification, or minor service disruption, all within the unchanged scope (S:U).

Mitigation details are provided in the HCL Software support advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410.


Vulnerability details

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.

CWE(s): CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection (CWE-89) directly enables exploitation of public-facing or local applications to perform unauthorized database queries.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-52638 (same product: HCL AION)
CVE-2025-52648 (same product: HCL AION)
CVE-2026-39334 (shared CWE-89)
CVE-2024-13488 (shared CWE-89)
CVE-2026-20002 (shared CWE-89)
CVE-2025-1446 (shared CWE-89)
CVE-2025-22699 (shared CWE-89)
CVE-2026-36232 (shared CWE-89)
CVE-2026-31871 (shared CWE-89)
CVE-2026-33078 (shared CWE-89)

Affected Assets

HCL AION, versions 2.0 to 2.1.2

Mitigating Controls (NIST 800-53 r5)

prevent: SI-10 (Information Input Validation). Directly requires validation of all inputs (including SQL queries) to reject malformed or dangerous content before execution, blocking the root cause of this CWE-89 flaw.

prevent: AC-3 (Access Enforcement). Enforces mediation of all access requests so that only explicitly permitted database operations are allowed, preventing unauthorized or harmful query execution in misconfigured offerings.

prevent: least privilege. Restricts accounts and processes to the minimum privileges needed, limiting the impact of any successfully submitted malicious SQL to only the least-privileged data and functions.

References

HCL Software support advisory: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410