Sensitive Cookie with Improper SameSite Attribute

CVE-2025-52628

Medium

4.6/10

Summary

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-1275 - Sensitive Cookie with Improper SameSite Attribute

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

References

Advisory Timeline

Published Feb 03, 2026

Sensitive Cookie with Improper SameSite Attribute

CVE-2025-52628

Summary

CWE-1275 - Sensitive Cookie with Improper SameSite Attribute

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS