CVE-2025-52659
Published: 19 January 2026
Summary
CVE-2025-52659 is a low-severity Use of Web Browser Cache Containing Sensitive Information (CWE-525) vulnerability in Hcltech Aion. Its CVSS base score is 2.8 (Low).
Operationally, ranked at the 12.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.NVD Description
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.
Deeper analysisAI
CVE-2025-52659 is a Cacheable HTTP Response vulnerability, classified under CWE-525, affecting HCL AION version 2. This flaw may result in the unintended storage of sensitive or dynamic content in caches, potentially enabling unauthorized access or information disclosure. The vulnerability received a CVSS v3.1 base score of 2.8 (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L) and was published on 2026-01-19.
Exploitation requires local access, low attack complexity, low privileges, and user interaction. A local attacker with low-level privileges could trick a user into performing an action that triggers a cacheable HTTP response containing sensitive or dynamic content. While the description notes potential for unauthorized access or disclosure, the CVSS metrics indicate no confidentiality or integrity impact, with effects limited to low availability disruption.
Mitigation guidance is available in the HCL Software support knowledge base article at https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995#.
Details
- CWE(s)