CVE-2025-2500

A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad en SOAP Web de las versiones de Asset Suite que se indican a continuación. Si se explota con éxito, un atacante podría obtener acceso no autorizado al producto y ampliar el plazo para un posible ataque de contraseña.

30 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-30 13:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-2500

Mitre link : CVE-2025-2500

CVE.ORG link : CVE-2025-2500

JSON object : View

Products Affected

No product.

CWE

CWE-256

Plaintext Storage of a Password

{"id": "CVE-2025-2500", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-30T13:15:22.100", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch", "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the SOAP Web services of the Asset \nSuite versions listed below. If successfully exploited, an attacker \ncould gain unauthorized access to the product and the time window of a possible password attack could be expanded."}, {"lang": "es", "value": "Existe una vulnerabilidad en SOAP Web de las versiones de Asset Suite que se indican a continuaci\u00f3n. Si se explota con \u00e9xito, un atacante podr\u00eda obtener acceso no autorizado al producto y ampliar el plazo para un posible ataque de contrase\u00f1a."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cybersecurity@hitachienergy.com"}