CVE-2025-55251
CRITICAL WAF: Medium
CVSS 9.8
Published: 2026-01-19
CWE-434
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hcltech | aion | 2.0 |
References
- support.hcl-software.com (Permissions Required)