CVE-2025-1484

MEDIUM

Hitachi Energy Asset Suite 9.6.4.4-9.6.4.5 - Stored Cross-Site Scripting via Media Upload Component

Title source: llm

Description

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

References (1)

Core 1

Core References

Various Sources

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 9.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-184

Status published

Products (2)

Hitachi Energy/Asset Suite 9.6.4.4

Hitachi Energy/Asset Suite 9.6.4.5

Published May 30, 2025

Tracked Since Feb 18, 2026