XXE in Hitachi Jp1/it Desktop Management 2 - Smart Device Manager

CVE-2025-27523

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 1…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.003 (23.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-27523?
CVE-2025-27523 is a high-severity vulnerability in Hitachi Jp1/it Desktop Management 2 - Smart Device Manager, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 8.7/10. Published 2025-05-15.
How severe is CVE-2025-27523?
High severity. CVSS v3 base score is 8.7 out of 10.