VDB

CVE-2025-1484

CVE-2025-1484 PUBLISHED CVSS 6.300000190734863 MEDIUM

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

EPSS 0.17% · 37.6th percentile

Risk Scores

CVSS 4.0
6.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
EPSS Score
0.17%
37.6th percentile

Affected Products

VendorProductVersions
Hitachi EnergyAsset Suite9.6.4.4, 9.6.4.5

Timeline

  • Feb 19, 2025 CVE ID Reserved
  • May 30, 2025 Coalition ESS Score
  • May 30, 2025 CVE Published
  • May 30, 2025 PoC Published
  • May 30, 2025 CVE Updated
  • May 31, 2025 EPSS Score
  • Jun 11, 2025 EPSS Score
  • Jun 22, 2025 EPSS Score
  • Jul 2, 2025 EPSS Score
  • Jul 13, 2025 EPSS Score
  • Jul 15, 2025 PoC Published
  • Jul 24, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›