Cyber Resilience

CVE-2025-55251

Low

Published: 19 January 2026

Published
19 January 2026
Modified
25 April 2026
KEV Added
Patch
CVSS Score v3.1 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
EPSS Score 0.0018 7.3th percentile
Risk Priority 15 floored blend · peak EPSS

Summary

CVE-2025-55251 is a low-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Hcltech Aion. Its CVSS base score is 3.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked at the 7.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2025-55251 is an Unrestricted File Upload vulnerability affecting HCL AION. Published on 2026-01-19, the flaw enables malicious file uploads, potentially resulting in unauthorized code execution or system compromise. It carries a CVSS v3.1 base score of 3.1 (AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L) and maps to CWE-434.

Exploitation requires local access, low attack complexity, high privileges, and user interaction. A suitably positioned attacker could upload malicious files, achieving low-impact effects on integrity and availability with no confidentiality impact, which may lead to unauthorized code execution or broader system compromise.

HCL has issued a knowledge base article at https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995# providing details on the vulnerability. Security practitioners should consult this advisory for recommended mitigations and patch information.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Unrestricted file upload (CWE-434) directly enables web shell deployment for code execution on the affected system.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-52660Same product: Hcltech Aion
CVE-2025-52626Same product: Hcltech Aion
CVE-2025-52628Same product: Hcltech Aion
CVE-2025-52644Same product: Hcltech Aion
CVE-2025-52627Same product: Hcltech Aion
CVE-2025-52659Same product: Hcltech Aion
CVE-2025-55252Same product: Hcltech Aion
CVE-2025-52636Same product: Hcltech Aion
CVE-2025-52631Same product: Hcltech Aion
CVE-2025-52643Same product: Hcltech Aion

Affected Assets

hcltech
aion
2.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all information inputs, including file type, content, and extension checks that block malicious uploads before they reach the system.

preventdetect

Mandates malicious code protection mechanisms that can scan and block uploaded files containing executable payloads.

prevent

Requires integrity verification of software and information, enabling detection of unauthorized or tampered files during the upload process.

References