CVE-2025-52628

4.6 MEDIUM

📋 TL;DR

HCL AION versions 2.0 have a SameSite cookie vulnerability that allows cookies to be sent in cross-site requests. This increases exposure to cross-site request forgery (CSRF) attacks where attackers could perform unauthorized actions on behalf of authenticated users. The vulnerability affects all deployments of HCL AION 2.0.

💻 Affected Systems

Products:
  • HCL AION
Versions: 2.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of HCL AION 2.0 are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform CSRF attacks to execute unauthorized administrative actions, modify user data, or perform transactions on behalf of authenticated users.

🟠 Likely Case

Attackers could perform CSRF attacks to modify user settings, change passwords, or perform limited unauthorized actions within the application.

🟢 If Mitigated

With proper CSRF tokens and other controls, impact is limited to potential session fixation or minor data leakage.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (the victim visiting a malicious site) and an authenticated session in AION.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patch version

Vendor Advisory: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

Restart Required: Yes

Instructions:

1. Review HCL advisory KB0127972.
2. Apply the recommended patch from HCL.
3. Restart AION services.
4. Verify SameSite cookie attributes are properly set.

🔧 Temporary Workarounds

Configure SameSite cookie attributes (applies to: all)

Manually configure SameSite=Strict or SameSite=Lax attributes for session cookies. Configure this in the AION application server settings or web server configuration.

Implement CSRF tokens (applies to: all)

Add CSRF tokens to all state-changing forms and validate them server-side. Implement CSRF protection in the AION application code.
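The two workarounds above, shown together as an added example (generic code written for this page, not HCL's or AION's implementation): a session cookie emitted with SameSite=Lax, Secure and HttpOnly, plus a session-bound HMAC CSRF token that a state-changing handler checks before acting. The secret, cookie name `sid`, form field `csrf_token` and the request dict shape are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed example secret: a real deployment loads this from a secret store.
SERVER_SECRET = b"constructed-example-secret-not-for-production"
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def build_session_cookie(name, value, same_site="Lax", secure=True):
    """Return a Set-Cookie header line with SameSite, Secure and HttpOnly set.

    SameSite=Lax keeps the cookie off cross-site POST/PUT/PATCH/DELETE requests,
    which is the exposure this CVE describes; use "Strict" if no cross-site
    top-level navigation needs the cookie either.
    """
    if same_site not in ("Lax", "Strict"):
        raise ValueError("session cookies must use SameSite=Lax or SameSite=Strict")
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["samesite"] = same_site
    cookie[name]["httponly"] = True
    cookie[name]["path"] = "/"
    if secure:
        cookie[name]["secure"] = True
    return cookie.output(header="Set-Cookie:").strip()


def issue_csrf_token(session_id, secret=SERVER_SECRET):
    """Mint a token bound to the session: random nonce + HMAC over (session, nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token, secret=SERVER_SECRET):
    """Recompute the HMAC for this session's nonce and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_state_change(request, secret=SERVER_SECRET):
    """Gate a state-changing request on a valid, session-bound CSRF token.

    `request` is a constructed dict: {"method": ..., "cookies": {...}, "form": {...}}.
    Returns (status_code, message).
    """
    if request.get("method", "").upper() not in STATE_CHANGING_METHODS:
        return 405, "method not allowed"
    session_id = request.get("cookies", {}).get("sid")
    token = request.get("form", {}).get("csrf_token", "")
    if not session_id or not verify_csrf_token(session_id, token, secret):
        return 403, "CSRF token missing or invalid"
    return 200, "state change accepted"


if __name__ == "__main__":
    sid = "s3ss10n"
    print(build_session_cookie("sid", sid))
    tok = issue_csrf_token(sid)
    print(handle_state_change({"method": "POST", "cookies": {"sid": sid}, "form": {"csrf_token": tok}}))
    print(handle_state_change({"method": "POST", "cookies": {"sid": sid}, "form": {}}))
```

The token is bound to the session id through the HMAC, so a token minted for one session is rejected for another, and the cookie attribute and the token check are independent layers: the SameSite attribute stops the browser from attaching the cookie to a cross-site form post, and the token check rejects any request that still arrives without proof it came from the application's own page.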

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect CSRF attempts
  • Use browser security headers like Content-Security-Policy and X-Frame-Options

🔍 How to Verify

Check if Vulnerable:

Using the browser developer tools, check whether session cookies lack a SameSite attribute or use SameSite=None without the Secure flag.

Check Version:

Check AION administration console or version files for exact version

Verify Fix Applied:

Verify that session cookies carry SameSite=Strict or SameSite=Lax, and the Secure flag where needed.
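The "Check if Vulnerable" and "Verify Fix Applied" steps above, as an added example (not part of the advisory and not an HCL tool): a small auditor that parses Set-Cookie header values as copied from the browser's developer tools or a proxy and reports cookies with no SameSite attribute, SameSite=None, or SameSite=None without Secure. The header values and cookie names in the sample list are constructed for this example and are not AION's actual cookie names.

```python
# Constructed Set-Cookie values standing in for what the developer tools show;
# the cookie names are examples, not real AION cookie names.
SAMPLE_SET_COOKIE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "app_session=def456; Path=/; Secure; HttpOnly; SameSite=None",
    "pref=dark; Path=/; SameSite=None",
    "sid=ghi789; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute_lowercase: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header_value):
    """Return a list of findings for one cookie; an empty list means it passes."""
    _, _, attrs = parse_set_cookie(header_value)
    findings = []
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if not samesite:
        findings.append("no SameSite attribute: cross-site behaviour is left to each browser's default")
    elif samesite == "none" and not secure:
        findings.append("SameSite=None without Secure: browsers that accept the cookie send it on every cross-site request")
    elif samesite == "none":
        findings.append("SameSite=None: the cookie is sent on cross-site requests, so CSRF tokens must be enforced")
    if not secure:
        findings.append("no Secure flag")
    if "httponly" not in attrs:
        findings.append("no HttpOnly flag")
    return findings


def is_csrf_exposed(header_value):
    """True when the cookie may be attached to a cross-site state-changing request."""
    _, _, attrs = parse_set_cookie(header_value)
    return attrs.get("samesite", "").lower() in ("", "none")


def audit_headers(header_values):
    """Map cookie name -> findings for a list of Set-Cookie header values."""
    return {parse_set_cookie(h)[0]: audit_cookie(h) for h in header_values}


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_SET_COOKIE_HEADERS).items():
        status = "OK" if not findings else "REVIEW"
        print(f"{name}: {status}")
        for finding in findings:
            print(f"  - {finding}")
```

Run the check before and after patching: a fixed deployment should show the session cookie with `SameSite=Lax` or `SameSite=Strict` and no findings, matching the "Verify Fix Applied" step. A cookie that still reports no SameSite attribute is the condition described under "Check if Vulnerable".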

📡 Detection & Monitoring

Log Indicators:

  • Unexpected state changes without corresponding user actions
  • Multiple failed CSRF token validations

Network Indicators:

  • Requests with missing or invalid Referer headers for state-changing operations
  • Cross-origin requests with session cookies

SIEM Query:

source="aion_logs" AND (event="state_change" AND NOT user_action="confirmed")
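The network indicators above, as an added example (not part of the advisory and not the product's own logging): a scanner over constructed JSON access-log lines that flags state-changing requests which carried a session cookie but arrived with an Origin or Referer outside the application's own origin, or with neither header present. The log field names, the allowed origin and every line of sample data are assumptions constructed for this example.

```python
import json
from urllib.parse import urlsplit

# Constructed values: the allowed origin and the log lines are examples, not real data.
ALLOWED_ORIGINS = {"https://aion.example.internal"}
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

SAMPLE_LOG_LINES = [
    '{"ts": "2025-07-01T10:00:01Z", "method": "GET", "path": "/settings", '
    '"origin": null, "referer": "https://aion.example.internal/home", "session_cookie": true}',
    '{"ts": "2025-07-01T10:00:05Z", "method": "POST", "path": "/settings/password", '
    '"origin": "https://aion.example.internal", "referer": "https://aion.example.internal/settings", "session_cookie": true}',
    '{"ts": "2025-07-01T10:02:10Z", "method": "POST", "path": "/settings/password", '
    '"origin": "https://third-party.example", "referer": "https://third-party.example/page", "session_cookie": true}',
    '{"ts": "2025-07-01T10:03:00Z", "method": "POST", "path": "/admin/users", '
    '"origin": null, "referer": null, "session_cookie": true}',
    '{"ts": "2025-07-01T10:04:00Z", "method": "POST", "path": "/login", '
    '"origin": "https://third-party.example", "referer": null, "session_cookie": false}',
]


def origin_of(url):
    """Reduce a URL to scheme://host[:port]; None when absent or malformed."""
    if not url:
        return None
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def classify(entry, allowed=ALLOWED_ORIGINS):
    """Return an alert reason for one parsed log entry, or None when it looks benign."""
    if entry.get("method", "").upper() not in STATE_CHANGING_METHODS:
        return None  # reads are not CSRF targets
    if not entry.get("session_cookie"):
        return None  # no authenticated session was attached, so nothing to forge
    source = origin_of(entry.get("origin")) or origin_of(entry.get("referer"))
    if source is None:
        return "state change with neither Origin nor Referer"
    if source not in allowed:
        return f"cross-origin state change from {source}"
    return None


def scan(lines, allowed=ALLOWED_ORIGINS):
    """Parse JSON log lines and collect the ones matching the network indicators."""
    alerts = []
    for line in lines:
        entry = json.loads(line)
        reason = classify(entry, allowed)
        if reason:
            alerts.append({"ts": entry["ts"], "method": entry["method"],
                           "path": entry["path"], "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG_LINES):
        print(f'{alert["ts"]} {alert["method"]} {alert["path"]}: {alert["reason"]}')
```

Origin is checked before Referer because browsers attach Origin to cross-site POSTs even when a referrer policy suppresses Referer. The "neither header" case is worth keeping as a lower-severity signal rather than a hard alert, since some clients and API integrations legitimately send state-changing requests without either header.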
