CVE-2025-1484

Summary

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyAsset Suite9.6.4.4affected
Hitachi EnergyAsset Suite9.6.4.5unaffected

Weaknesses

  • CWE-184: CWE-184

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References