Host Header Injection Vulnerability in TRMTracker by Hitachi Energy
CVE-2025-27632

6.1MEDIUM

Key Information:

Vendor: Hitachi
Status: Trmtracker
Vendor: CVE Published:; 25 March 2025

What is CVE-2025-27632?

A vulnerability in the TRMTracker application allows attackers to manipulate the host header in HTTP requests. This can lead to various attack scenarios, such as defacing website content or conducting web-cache poisoning attacks. By exploiting this weakness, attackers can compromise site integrity and mislead users, making prompt remediation essential for securing affected systems.

Affected Version(s)

TRMTracker 6.2 <= 6.2.04

TRMTracker 6.3 <= 6.3.01

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Mar 4, 2025