CVE-2025-27632

Summary

A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyTRMTracker6.2 <= 6.2.04affected
Hitachi EnergyTRMTracker6.3 <= 6.3.01affected

Weaknesses

  • CWE-644: CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References