CVE-2025-66444
Cross-Site Scripting in Hitachi Analytics Advisor and Ops Center
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: Hitachi, Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hitachi | ops_center_analyzer | 11.0.5-00 |
| hitachi | ops_center_analyzer | 10.0.0-00 |
| hitachi | infrastructure_analytics_advisor | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) issue affecting Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. It allows an attacker to execute malicious scripts in the context of a user's browser by exploiting the affected components. The vulnerability can be exploited remotely over the network with low attack complexity, requiring low privileges and some user interaction. It impacts the confidentiality, integrity, and availability of the affected systems. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information (high confidentiality impact), partial modification of data (integrity impact), and partial disruption of service (availability impact). Because it is a Cross-Site Scripting vulnerability, attackers might execute malicious scripts that can steal user data, hijack sessions, or perform actions on behalf of the user, potentially compromising the security of the affected systems. [1]
What immediate steps should I take to mitigate this vulnerability?
Users should upgrade Hitachi Ops Center Analyzer to version 11.0.5-00 or later to mitigate this vulnerability. For Hitachi Infrastructure Analytics Advisor, users should consult Hitachi support for the latest fixed product versions and details. Applying these updates will address the Cross-Site Scripting vulnerability. [1]