LDAP Injection Vulnerability in TRMTracker Web Application by Hitachi Energy
CVE-2025-27631

6.5MEDIUM

Key Information:

Vendor: Hitachi
Status: Trmtracker
Vendor: CVE Published:; 25 March 2025

Summary

The TRMTracker web application contains a vulnerability that may allow attackers to perform LDAP injection attacks. This security flaw enables unauthorized individuals to manipulate LDAP queries by injecting malicious code, potentially leading to the execution of remote commands. This can facilitate unauthorized reading and updating of sensitive data within the application, posing significant risks to data integrity and security.

Affected Version(s)

TRMTracker 6.2 <= 6.2.04

TRMTracker 6.3 <= 6.3.01

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Mar 4, 2025