{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-62317","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2025-10-10T09:04:16.878Z","datePublished":"2026-05-14T16:13:34.907Z","dateUpdated":"2026-05-14T18:31:43.789Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2026-05-14T16:13:34.907Z"},"title":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-598","description":"CWE-598: Use of HTTP Request With Sensitive Query String","type":"CWE"}]}],"affected":[{"vendor":"HCL","product":"AION","versions":[{"status":"affected","version":"2.1.0"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.","supportingMedia":[{"type":"text/html","base64":false,"value":"HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions."}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"LOW","baseScore":2.6,"vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-14T18:31:31.916059Z","id":"CVE-2025-62317","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-14T18:31:43.789Z"}}]}}