CVE-2025-1484

medium

Description

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch

Details

Source: Mitre, NVD

Published: 2025-05-30

Updated: 2025-05-30

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N

Severity: Medium

EPSS

EPSS: 0.00056