Command Injection Vulnerability in Hitachi Energy's TropOS 4th Gen Device
CVE-2025-1036

8.7HIGH

Key Information:

Vendor: Hitachi
Status: Tropos 4th Gen
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-1036?

A command injection vulnerability is present in the Logging page of the web-based configuration utility of the TropOS 4th Gen device. An authenticated user with limited network privileges can exploit this vulnerability to execute arbitrary commands on the underlying operating system, potentially gaining unauthorized root SSH access. This flaw emphasizes the need for stringent access controls and regular security assessments in network management utilities.

Affected Version(s)

TropOS 4th Gen 8.7.0.0 <= 8.9.6.0

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Feb 4, 2025

JSON