CVE-2025-1484

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad en el componente de carga de medios de las versiones de Asset Suite que se indican a continuación. Si se explota con éxito, un atacante podría afectar la confidencialidad o la integridad del sistema. Un atacante puede usar esta vulnerabilidad para crear una solicitud que haga que el código JavaScript proporcionado por el atacante se ejecute en el navegador del usuario durante su sesión en la aplicación.

30 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-30 13:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-1484

Mitre link : CVE-2025-1484

CVE.ORG link : CVE-2025-1484

JSON object : View

Products Affected

No product.

CWE

CWE-184

Incomplete List of Disallowed Inputs

{"id": "CVE-2025-1484", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.3}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-30T13:15:20.953", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch", "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-184"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the media upload component of the Asset \nSuite versions listed below. If successfully exploited an attacker \ncould impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will \ncause JavaScript code supplied by the attacker to execute within \nthe user\u2019s browser in the context of that user\u2019s session with the \napplication."}, {"lang": "es", "value": "Existe una vulnerabilidad en el componente de carga de medios de las versiones de Asset Suite que se indican a continuaci\u00f3n. Si se explota con \u00e9xito, un atacante podr\u00eda afectar la confidencialidad o la integridad del sistema. Un atacante puede usar esta vulnerabilidad para crear una solicitud que haga que el c\u00f3digo JavaScript proporcionado por el atacante se ejecute en el navegador del usuario durante su sesi\u00f3n en la aplicaci\u00f3n."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cybersecurity@hitachienergy.com"}