CVE-2025-52660

Low

Published: 19 January 2026

Published

19 January 2026

Modified

25 April 2026

KEV Added

—

Patch

—

CVSS Score 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS Score 0.0007 20.9th percentile

Risk Priority 5 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-52660 is a low-severity Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644) vulnerability in Hcltech Aion. Its CVSS base score is 2.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked at the 20.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1505.003) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

Unrestricted file upload directly enables web shell deployment (T1505.003) and subsequent command/script execution (T1059) on the server.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

Deeper analysisAI

CVE-2025-52660 is an Unrestricted File Upload vulnerability affecting HCL AION. This flaw enables the upload of malicious files, which could potentially lead to unauthorized code execution or system compromise. The vulnerability is classified under CWE-644 and has a CVSS v3.1 base score of 2.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N), indicating low severity primarily due to the high privileges required for exploitation.

Attackers with high-privilege access, such as authenticated administrators, can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows limited unauthorized access to confidential information, though the unchanged scope limits broader impacts on integrity or availability. While the description notes potential for code execution or system compromise, the scored impact remains low confidentiality disclosure.

The HCL Software support knowledge base article at https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995# provides details on mitigation, including any available patches or workarounds for HCL AION. Security practitioners should consult this advisory for specific remediation steps.

Details

CWE(s): CWE-644

Affected Products

hcltech

aion

2.0.0

CVEs Like This One

CVE-2025-55251Same product: Hcltech Aion

CVE-2025-52626Same product: Hcltech Aion

CVE-2025-52636Same product: Hcltech Aion

CVE-2025-52643Same product: Hcltech Aion

CVE-2025-55252Same product: Hcltech Aion

CVE-2025-52644Same product: Hcltech Aion

CVE-2025-52628Same product: Hcltech Aion

CVE-2025-52631Same product: Hcltech Aion

CVE-2025-52627Same product: Hcltech Aion

CVE-2025-52659Same product: Hcltech Aion

References

https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995#
Permissions Required · psirt@hcl.com