Cyber Posture

CVE-2025-55251

Severity: Low
Published: 19 January 2026
Modified: 25 April 2026
KEV Added: not listed
CVSS Score: 3.1 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L)
EPSS Score: 0.0005 (14.4th percentile)
Risk Priority: 6 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-55251 is a low-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Hcltech Aion. Its CVSS base score is 3.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). EPSS ranks it at the 14.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1505.003) and 1 other technique.
Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media. (addresses CWE-434)
- Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs. (addresses CWE-434)
- Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures. (addresses CWE-434)
- Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types. (addresses CWE-434)

MITRE ATT&CK Enterprise Techniques (AI-generated)

- T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
- T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Unrestricted file upload (CWE-434) directly enables web shell deployment for code execution on the affected system.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

Deeper analysis (AI-generated)

CVE-2025-55251 is an Unrestricted File Upload vulnerability affecting HCL AION. Published on 2026-01-19, the flaw enables malicious file uploads, potentially resulting in unauthorized code execution or system compromise. It carries a CVSS v3.1 base score of 3.1 (AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L) and maps to CWE-434.

Exploitation requires local access, low attack complexity, high privileges, and user interaction. A suitably positioned attacker could upload malicious files; the rated impact is low on integrity and availability with no confidentiality impact, but the NVD description notes this may lead to unauthorized code execution or broader system compromise.

HCL has issued a knowledge base article at https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995# providing details on the vulnerability. Security practitioners should consult this advisory for recommended mitigations and patch information.

Details

CWE(s): CWE-434

Affected Products: hcltech aion 2.0.0

CVEs Like This One

- CVE-2025-52660 (same product: Hcltech Aion)
- CVE-2025-52626 (same product: Hcltech Aion)
- CVE-2025-52631 (same product: Hcltech Aion)
- CVE-2025-52636 (same product: Hcltech Aion)
- CVE-2025-52659 (same product: Hcltech Aion)
- CVE-2025-52644 (same product: Hcltech Aion)
- CVE-2025-55252 (same product: Hcltech Aion)
- CVE-2025-52628 (same product: Hcltech Aion)
- CVE-2025-52643 (same product: Hcltech Aion)
- CVE-2025-52627 (same product: Hcltech Aion)

References