XXE Vulnerability in Hitachi JP1/IT Desktop Management on Windows
CVE-2025-27523

8.7 HIGH

What is CVE-2025-27523?

An XML External Entity (XXE) vulnerability exists in Hitachi's JP1/IT Desktop Management 2 - Smart Device Manager application for Windows. An attacker who can manipulate the XML input the software processes could potentially expose sensitive information or gain unauthorized access to system resources. Affected versions include those released prior to 12-00-08 and those within the specified ranges of earlier releases, so users should assess and patch their systems to mitigate this issue.

Affected Version(s)

JP1/IT Desktop Management 2 - Smart Device Manager Windows 12-00 < 12-00-08

JP1/IT Desktop Management 2 - Smart Device Manager Windows 11-10 <= 11-10-08

JP1/IT Desktop Management 2 - Smart Device Manager Windows 11-00 <= 11-00-05

CVSS V3.1

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
