Cyber Posture

CVE-2025-52637

Severity: Medium

Published: 16 March 2026

Modified: 27 March 2026
KEV Added: not listed
Patch: none listed
CVSS Score: 4.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0007 (21.3rd percentile)
Risk Priority: 9 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-52637 is a medium-severity SQL Injection (CWE-89) vulnerability in HCL AION. Its CVSS base score is 4.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 21.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-89: Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.
- Addresses CWE-89: Validates query inputs to prevent SQL syntax or command manipulation.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection (CWE-89) directly enables exploitation of public-facing or local applications to perform unauthorized database queries.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.

Deeper analysis (AI-generated)

CVE-2025-52637 is a vulnerability in HCL AION that allows execution of potentially harmful SQL queries in certain offering configurations due to improper validation or restrictions on query execution. This issue, classified under CWE-89 (SQL Injection), could lead to unintended database interactions or limited information exposure under specific conditions. The vulnerability has a CVSS v3.1 base score of 4.5 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-03-16.

The attack requires local access (AV:L), high attack complexity (AC:H), and low privileges (PR:L) with no user interaction needed (UI:N). An attacker could achieve low impacts across confidentiality (C:L), integrity (I:L), and availability (A:L), potentially exposing limited information, modifying data, or causing minor service disruptions within the unchanged scope (S:U).

Mitigation details are provided in the HCL Software support advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410.

Details

CWE(s): CWE-89 (SQL Injection)

Affected Products

Vendor: hcl
Product: aion
Versions: 2.0 through 2.1.2

CVEs Like This One

- CVE-2025-52638 (same product: HCL AION)
- CVE-2025-52648 (same product: HCL AION)
- CVE-2026-3180 (shared CWE-89)
- CVE-2025-1872 (shared CWE-89)
- CVE-2026-32458 (shared CWE-89)
- CVE-2026-24494 (shared CWE-89)
- CVE-2025-26875 (shared CWE-89)
- CVE-2026-26263 (shared CWE-89)
- CVE-2026-30531 (shared CWE-89)
- CVE-2025-7636 (shared CWE-89)
