CVE-2025-1484 MEDIUM

CVE-2025-1484

Vendor Hitachi Energy
Product Asset Suite
Weakness CWE-184
Published May 30, 2025
Last update May 30, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01Description

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

Key dates

02Disclosure timeline

May 30, 2025 CVE published
May 30, 2025 Record updated