CVE-2025-2500

HIGH

Asset Suite - Unauthorized Access

Title source: llm

Description

A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded.

References (1)

[Various Sources] https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 7.4

EPSS 0.0023

EPSS Percentile 45.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-256

Status published

Products (2)

Hitachi Energy/Asset Suite 9.6.4.4

Hitachi Energy/Asset Suite 9.7

Published May 30, 2025

Tracked Since Feb 18, 2026