CVE-2025-52644
Published: 16 March 2026
Summary
CVE-2025-52644 is a medium-severity Insufficient Logging (CWE-778) vulnerability in Hcltech Aion. Its CVSS base score is 5.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Disable Windows Event Logging (T1562.002); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AU-12 (Audit Record Generation) and AU-2 (Event Logging).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AU-12 mandates generation of audit records for organization-defined events, directly mitigating the absence of logging for certain user actions in HCL AION.
AU-2 requires identification and logging of auditable events including user activities, ensuring traceability that is lacking in this vulnerability.
AU-3 ensures audit records contain essential details like user identity, action type, and timestamps, enabling effective monitoring and forensics for unlogged user actions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Insufficient logging (CWE-778) directly enables evasion of audit mechanisms, allowing unlogged actions equivalent to impairing event logging (T1562.002) and removing indicators of activity (T1070).
NVD Description
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
Deeper analysisAI
CVE-2025-52644 is a vulnerability in HCL AION where certain user actions are not adequately audited or logged. This absence of proper auditing mechanisms reduces the traceability of user activities, potentially impacting monitoring, accountability, and incident investigation processes. The issue is classified under CWE-778 and carries a CVSS v3.1 base score of 5.8 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L), indicating moderate severity with local access required, high attack complexity, and low privileges needed.
A local attacker with low privileges could exploit this vulnerability by performing actions that evade logging, achieving low confidentiality impact, high integrity impact, and low availability impact. The lack of auditing hinders detection and forensic analysis, allowing unauthorized modifications or other malicious activities to go unnoticed during monitoring or post-incident reviews, though exploitation demands high complexity and local access.
HCL has addressed the vulnerability through a support knowledge base article available at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410, which likely details mitigation steps, though specific patch or configuration guidance is outlined there. The CVE was published on 2026-03-16T15:16:18.567.
Details
- CWE(s)