XXE in Hitachi Jp1/it Desktop Management 2 - Smart Device Manager
CVE-2025-27523
XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 1…
Vulnerability class: XXE (XML External Entity)
EPSS: 0.003 (23.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H.
Affected products
- Hitachi Jp1/it Desktop Management 2 - Smart Device Manager — versions 12-00, 11-10, 11-00
Weakness classification (CWE)
References
- hirt@hitachi.co.jp (vendor-advisory)
Frequently asked questions
- What is CVE-2025-27523?
- CVE-2025-27523 is a high-severity vulnerability in Hitachi Jp1/it Desktop Management 2 - Smart Device Manager, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 8.7/10. Published 2025-05-15.
- How severe is CVE-2025-27523?
- High severity. CVSS v3 base score is 8.7 out of 10.