Command Injection Vulnerability in TropOS 4th Gen Device by Hitachi Energy
CVE-2025-1038

7.5 HIGH

Key Information:

Vendor: Hitachi
CVE Published: 28 October 2025

What is CVE-2025-1038?

The Diagnostics Tools page in the TropOS 4th Gen web-based configuration utility does not properly validate user-controlled input. This flaw allows authenticated users with elevated privileges to inject arbitrary commands into the device's command shell. The injected commands can manipulate several set-uid (SUID) applications, potentially granting unauthorized root access to the system. An attacker who holds such an account can therefore escalate from the web interface to full control of the device.

Affected Version(s)

TropOS 4th Gen 8.7.0.0 < 8.9.6.0

References

CVSS V4

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
