Cyber Resilience

CVE-2025-52648

Medium

Published: 16 March 2026

Published
16 March 2026
Modified
27 March 2026
KEV Added
Patch
CVSS Score v3.1 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS Score 0.0012 1.9th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2025-52648 is a medium-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Hcl Aion. Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Code Signing (T1553.002); ranked at the 1.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2025-52648 is a vulnerability in HCL AION where offering images are not digitally signed, potentially allowing the use of unverified or tampered images. This lack of image signing can lead to security risks such as integrity compromise or unintended system behavior. The issue is classified under CWE-347 (Improper Verification of Cryptographic Signature) with a CVSS v3.1 base score of 4.8 (AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L), indicating medium severity.

Exploitation requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R), with no scope change (S:U). A local attacker with low privileges could trick a user into deploying or using tampered offering images, potentially resulting in low-impact unauthorized disclosure of information (C:L), modification (I:L), or denial of service (A:L), such as system integrity issues or unexpected behavior.

HCL has published a knowledge base article at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 detailing mitigation steps for this vulnerability. The CVE was published on 2026-03-16T14:17:59.743.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in…

more

the system

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1553.002 Code Signing Defense Impairment
Adversaries may create, acquire, or steal code signing materials to sign their malware or tools.
T1195.002 Compromise Software Supply Chain Initial Access
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

Lack of digital signature verification on offering images directly enables adversaries to subvert code signing controls (T1553.002) and facilitates supply chain compromise via tampered images (T1195.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-52637Same product: Hcl Aion
CVE-2025-52638Same product: Hcl Aion
CVE-2026-23992Shared CWE-347
CVE-2026-41431Shared CWE-347
CVE-2026-3338Shared CWE-347
CVE-2024-13172Shared CWE-347
CVE-2026-4600Shared CWE-347
CVE-2024-7344Shared CWE-347
CVE-2026-33895Shared CWE-347
CVE-2026-40070Shared CWE-347

Affected Assets

hcl
aion
2.0 — 2.1.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires cryptographic signing of software/images to enforce verification before use, eliminating the exact weakness described in CWE-347 for offering images.

preventdetect

Mandates integrity verification (including digital signatures) of software and information to detect and block tampered offering images before deployment.

prevent

Requires verification of component authenticity, which would compel the use of signed images and reduce the risk of tampered artifacts entering the system.

References