CVE-2025-27631

Summary

The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyTRMTracker6.2 <= 6.2.04affected
Hitachi EnergyTRMTracker6.3 <= 6.3.01affected

Weaknesses

  • CWE-90: CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References