CVE-2025-52625

EPSS 0.04%
Veröffentlicht 10.10.2025 10:28:53
Zuletzt bearbeitet 24.10.2025 19:34:47
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability 

Cacheable SSL Page Found vulnerability has been identified

 in HCL AION. 

Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser

This issue affects AION: 2.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Aion Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.134

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@hcl.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-525 Use of Web Browser Cache Containing Sensitive Information

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124444

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-52625

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52625

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52625

EUVD