CVE-2025-1484

MEDIUM

Asset Suite - XSS

Title source: llm

Description

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

References (1)

[Various Sources] https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 6.5

EPSS 0.0017

EPSS Percentile 37.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-184

Status published

Products (2)

Hitachi Energy/Asset Suite 9.6.4.4

Hitachi Energy/Asset Suite 9.6.4.5

Published May 30, 2025

Tracked Since Feb 18, 2026