CVE-2025-27633

Summary

The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyTRMTracker6.2 <= 6.2.04affected
Hitachi EnergyTRMTracker6.3 <= 6.3.01affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References