
CVE-2025-52660

Severity: Low
Published: 19 January 2026
Modified: 25 April 2026
KEV Added: not listed
Patch: see the vendor advisory below
CVSS v3.1 base score: 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
EPSS score: 0.0028 (0.28% estimated probability of exploitation within 30 days; 19.7th percentile)
Risk Priority: 15 (floored blend · peak EPSS)

Summary

CVE-2025-52660 is a low-severity vulnerability in HCL AION (CPE vendor hcltech, product aion). The record is tagged CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax), although the vendor description is of an unrestricted file upload, which would ordinarily be classified as CWE-434 (Unrestricted Upload of File with Dangerous Type); treat the CWE label as an indexing choice rather than a description of the flaw. Its CVSS v3.1 base score is 2.7 (Low).

Operationally, exploitation maps to the MITRE ATT&CK technique Web Shell (T1505.003). EPSS places the CVE at the 19.7th percentile by exploit likelihood, below the median, and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2025-52660 is an Unrestricted File Upload vulnerability affecting HCL AION. It allows malicious files to be uploaded, which could lead to unauthorized code execution or system compromise. The record is classified under CWE-644 and carries a CVSS v3.1 base score of 2.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). The score is low for two reasons: exploitation requires high privileges (PR:H), and the scored impact is limited to a low loss of confidentiality (C:L) with no integrity or availability impact (I:N/A:N).

The vector describes an attacker who already holds high privileges in AION (an authenticated administrator, for example) reaching the upload function over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). The scored outcome is limited disclosure of confidential information; integrity and availability are scored as unaffected (I:N/A:N), and scope is unchanged (S:U), meaning only the vulnerable component's own security authority is affected. This sits uneasily with the vendor description, which speaks of code execution or system compromise: an upload that yields a web shell would normally be scored with high integrity and availability impact. Do not take the 2.7 at face value where the upload location is served or executed by the application server; confirm the scoring and the actual storage behaviour against the vendor advisory.

The HCL Software support knowledge base article at https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995# provides details on mitigation, including any available patches or workarounds for HCL AION. Security practitioners should consult this advisory for specific remediation steps.


Vulnerability details

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1505.003 Web Shell (tactic: Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1059 Command and Scripting Interpreter (tactic: Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Unrestricted file upload directly enables web shell deployment (T1505.003) and subsequent command/script execution (T1059) on the server.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0
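An added example, not from the page or from HCL: a small detector run over constructed Apache-style access-log lines that looks for the pattern these two techniques leave behind, a POST to an upload endpoint followed by successful requests for a script-extension file served out of the upload directory. The endpoint name (/upload), the served directory (/uploads/) and the log lines are assumptions made for the example.

```python
import re
from datetime import datetime

# Combined-log-format parser (Apache/nginx default); only the fields the rule needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed application layout: the upload handler and the directory accepted files are served from.
UPLOAD_ENDPOINTS = {"/upload"}
UPLOAD_DIRS = ("/uploads/",)
# Extensions an application server may execute rather than serve as bytes.
SCRIPT_EXT = (".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx", ".cgi")

# Constructed sample: one client uploads, then drives a web shell; another fetches a real image;
# a third probes for a shell that is not there.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jan/2026:10:00:01 +0000] "POST /upload HTTP/1.1" 200 54 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Jan/2026:10:00:09 +0000] "GET /uploads/avatar.php?cmd=id HTTP/1.1" 200 312 "-" "python-requests/2.31"
198.51.100.4 - - [19/Jan/2026:10:05:00 +0000] "GET /uploads/photo.png HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Jan/2026:10:07:42 +0000] "POST /uploads/avatar.php HTTP/1.1" 200 640 "-" "python-requests/2.31"
198.51.100.9 - - [19/Jan/2026:10:09:00 +0000] "GET /uploads/old.jsp HTTP/1.1" 404 0 "-" "curl/8.0"
"""


def parse_line(line: str):
    """Return the captured fields with a parsed timestamp, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return entry


def find_web_shell_activity(lines, window_seconds=3600):
    """Alert on every successful (2xx) request for a script-extension file under the upload
    directory (T1505.003 in use) and record whether the same client POSTed to an upload
    endpoint within window_seconds beforehand (the upload -> web shell -> T1059 chain)."""
    last_upload = {}  # client ip -> time of its most recent upload POST
    alerts = []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            continue
        path = entry["path"].split("?", 1)[0]  # drop the query string before extension checks
        if entry["method"] == "POST" and path in UPLOAD_ENDPOINTS:
            last_upload[entry["ip"]] = entry["ts"]
            continue
        if not path.startswith(UPLOAD_DIRS) or not path.lower().endswith(SCRIPT_EXT):
            continue
        if not entry["status"].startswith("2"):
            continue  # 404 probes under the upload dir are worth counting separately; not alerted here
        prior = last_upload.get(entry["ip"])
        linked = prior is not None and 0 <= (entry["ts"] - prior).total_seconds() <= window_seconds
        alerts.append({
            "ip": entry["ip"],
            "ts": entry["ts"].isoformat(),
            "method": entry["method"],
            "path": path,
            "preceded_by_upload": linked,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_web_shell_activity(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample this yields two alerts, both for 203.0.113.7 and both linked to its earlier POST /upload; the image fetch and the 404 probe are ignored. The rule keys on execution-capable extensions because that is what a web shell needs; if the deployment does not serve the upload directory at all, the stronger rule is simply "any 2xx under /uploads/", since there should be none.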

CVEs Like This One

CVE-2025-55251 (same product: Hcltech Aion)
CVE-2025-52626 (same product: Hcltech Aion)
CVE-2025-52636 (same product: Hcltech Aion)
CVE-2025-52627 (same product: Hcltech Aion)
CVE-2025-52644 (same product: Hcltech Aion)
CVE-2025-52631 (same product: Hcltech Aion)
CVE-2025-55252 (same product: Hcltech Aion)
CVE-2025-52628 (same product: Hcltech Aion)
CVE-2025-52659 (same product: Hcltech Aion)
CVE-2025-52643 (same product: Hcltech Aion)

Affected Assets

hcltech / aion, version 2.0.0

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-10 Information Input Validation [prevent]
Enforces validation of file type, content, and extension on uploads to HCL AION, directly blocking the unrestricted malicious file uploads described in CVE-2025-52660.

SI-3 Malicious Code Protection [prevent, detect]
Requires automated scanning and blocking of malicious code in uploaded files before they can be stored or executed on the AION system.

Restriction of upload rights [prevent]
Limits file-upload functionality to only those accounts that require it, reducing the attack surface for the high-privilege exploitation path noted in the CVE.
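As an added example (not HCL AION code; the allowlist, size limit, magic bytes and script markers are constructed for illustration), the following Python shows the flaw class in its simplest form next to an upload validator that applies the input-validation and malicious-code controls above: allowlisted extension only, content that matches the extension, rejection of script markers inside otherwise valid files, a random name on disk, and storage outside the served tree with no execute bit.

```python
import os
import re
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist: extension -> accepted leading magic bytes. A real deployment
# derives this from what the application actually needs to accept, and nothing more.
ALLOWED_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024
# Exactly one stem and one extension; no path separators, no leading dot, no second dot.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}$")
# Cheap content signals for server-side script bodies smuggled behind a valid image header.
SCRIPT_MARKERS = (b"<?php", b"<%", b"<script", b"#!/")


@dataclass
class Decision:
    accepted: bool
    reason: str
    stored_name: Optional[str] = None


def vulnerable_save(upload_dir: str, client_filename: str, data: bytes) -> str:
    """The flaw class in its simplest form (hypothetical, not HCL AION's code): the
    client-supplied name and bytes are written as-is under a directory the web server
    executes from, so an upload named 'shell.php' becomes a web shell (T1505.003)."""
    path = os.path.join(upload_dir, client_filename)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def validate_upload(client_filename: str, data: bytes) -> Decision:
    """Allowlist validation of name, extension and content."""
    # Drop any directory part the client sent, then require the single stem.ext form,
    # which also rejects 'shell.php.png', 'a.php;.jpg', '.htaccess' and '..'.
    name = os.path.basename(client_filename.replace("\\", "/"))
    if not SAFE_NAME.fullmatch(name):
        return Decision(False, "filename rejected")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_MAGIC:
        return Decision(False, f"extension {ext} not in allowlist")
    if not data or len(data) > MAX_BYTES:
        return Decision(False, "size out of bounds")
    # The bytes must look like the type the extension claims, whatever Content-Type said.
    if not data.startswith(ALLOWED_MAGIC[ext]):
        return Decision(False, "content does not match extension")
    # Polyglots: a valid image header followed by a script body.
    if any(marker in data for marker in SCRIPT_MARKERS):
        return Decision(False, "script marker found in content")
    # Never reuse the client's name on disk: a random name removes any remaining parsing
    # ambiguity in the web server and makes the stored path unguessable.
    return Decision(True, "ok", stored_name=secrets.token_hex(16) + ext)


def hardened_save(quarantine_dir: str, client_filename: str, data: bytes) -> Decision:
    """Store an accepted file outside the served tree, owner read/write only, never overwrite."""
    decision = validate_upload(client_filename, data)
    if not decision.accepted:
        return decision
    path = os.path.join(quarantine_dir, decision.stored_name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return decision


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    for fname, body in [("photo.png", png),
                        ("shell.php", b"<?php system($_GET['c']); ?>"),
                        ("shell.php.png", png),
                        ("poly.png", png + b"<?php phpinfo(); ?>")]:
        print(fname, validate_upload(fname, body))
```

The content check is deliberately a header match plus marker scan, which is what an application can do inline; the SI-3 control proper is an external scanner run on the quarantined file before anything downstream touches it. The random storage name and the missing execute bit are what break the web-shell path even if a bad file does get through.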
