Description

A vulnerability  Bypass of the script allowlist configuration in HCL AION.  An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0.

INFO

Published Date :

2025-10-10T10:25:32.591Z

Last Modified :

2026-02-03T17:45:58.542Z

Source :

HCL
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52624 vulnerability.

Vendors Products
Hcltech
  • Aion
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52624.

URL Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124444 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact