CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2500
https://notcve.org/view.php?id=CVE-2025-2500
30 May 2025 — A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1484
https://notcve.org/view.php?id=CVE-2025-1484
30 May 2025 — A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-184: Incomplete List of Disallowed Inputs •