PatchSiren cyber security CVE debrief
CVE-2025-1718 Hitachi Energy CVE debrief
CVE-2025-1718 is an availability-impacting vulnerability in Hitachi Energy Relion 670/650 and SAM600-IO series devices. According to the advisory, an authenticated user with file access privilege via FTP can cause the device to reboot because of improper disk space management. The issue was publicly disclosed in CISA’s CSAF advisory on 2025-06-24 and later republished with updates through 2026-02-05. The advisory assigns CVSS 3.1 6.5 (MEDIUM) with network access, low attack complexity, and low privileges required, but no confidentiality or integrity impact.
- Vendor: Hitachi Energy
- Product: Relion 670/650
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-24
- Original CVE updated: 2026-02-05
- Advisory published: 2025-06-24
- Advisory updated: 2026-02-05
Who should care
OT security teams, substation operators, and asset owners running affected Hitachi Energy Relion 670/650 or SAM600-IO series devices, especially where FTP access is enabled or user privileges are not tightly controlled.
Technical summary
The advisory describes a reboot condition triggered when an authenticated FTP user with file access privileges interacts with the affected device’s storage handling. The reported impact is denial of service through reboot behavior caused by improper disk space management. The supplied CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which aligns with a remotely reachable availability issue requiring authenticated access.
Defensive priority
Medium overall, higher priority for exposed OT environments or systems where FTP is enabled and operational uptime is critical.
Recommended defensive actions
- Apply the vendor-fixed version for the affected product branch: update to 2.2.6.4, 2.2.5.8, 2.2.4.6, or 2.2.1.9 as applicable, or move to the latest supported release noted by the vendor.
- Review whether FTP is necessary on affected devices; if not required, disable or tightly restrict it using least-privilege access controls.
- Audit accounts and permissions to ensure only authorized users have file access privileges on affected equipment.
- Monitor affected assets for unexpected reboots and investigate repeated reboot events as a potential indicator of this issue.
- Follow CISA’s industrial control systems recommended practices for segmentation, access control, and defense in depth.
- Validate remediation in maintenance windows and coordinate changes with operational safety and availability requirements before deployment.
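The reboot-monitoring action above can be tied to FTP activity. The following is an added example, not code from the advisory or the vendor: it flags reboots from uptime polls and lists FTP sessions on the same device shortly before each one. The record layouts, device names, account names and the 10-minute window are assumptions; adapt them to whatever uptime source and FTP logs your monitoring actually provides.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from any real device).
# Uptime polls: (poll time, device, uptime in seconds as reported by monitoring).
UPTIME_POLLS = [
    ("2025-07-01T10:00:00", "relay-a", 864000),
    ("2025-07-01T10:05:00", "relay-a", 864300),
    ("2025-07-01T10:10:00", "relay-a", 120),   # uptime went backwards: reboot
    ("2025-07-01T10:00:00", "relay-b", 5000),
    ("2025-07-01T10:05:00", "relay-b", 5300),
    ("2025-07-02T03:00:00", "relay-b", 60),    # reboot with no FTP activity nearby
]
# Constructed FTP session records: (start time, device, account, bytes uploaded).
FTP_SESSIONS = [
    ("2025-07-01T10:06:30", "relay-a", "engineer1", 48_000_000),
    ("2025-07-01T09:00:00", "relay-b", "engineer2", 2_000),
]

def ts(s):
    return datetime.fromisoformat(s)

def find_reboots(polls):
    """Return (device, estimated boot time) for each poll where uptime decreased."""
    last_uptime = {}
    reboots = []
    for when, dev, uptime in sorted(polls, key=lambda p: (p[1], p[0])):
        if dev in last_uptime and uptime < last_uptime[dev]:
            # Boot completed `uptime` seconds before this poll was taken.
            reboots.append((dev, ts(when) - timedelta(seconds=uptime)))
        last_uptime[dev] = uptime
    return reboots

def correlate(polls, sessions, window=timedelta(minutes=10)):
    """Attach FTP sessions that started within `window` before each reboot."""
    findings = []
    for dev, boot in find_reboots(polls):
        hits = [(acct, size) for when, d, acct, size in sessions
                if d == dev and timedelta(0) <= boot - ts(when) <= window]
        findings.append({"device": dev, "boot_time": boot.isoformat(),
                         "ftp_before_reboot": hits})
    return findings

if __name__ == "__main__":
    for finding in correlate(UPTIME_POLLS, FTP_SESSIONS):
        print(finding)
```

A reboot with a non-empty `ftp_before_reboot` list is the case to investigate first; a reboot with an empty list still needs a cause but does not match the FTP-triggered pattern the advisory describes.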
Evidence notes
Source corpus and official references state: (1) the vulnerability affects Hitachi Energy Relion 670/650 and SAM600-IO series devices, (2) an authenticated user with FTP file access privilege can cause a reboot due to improper disk space management, (3) CVSS 3.1 is 6.5 with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and (4) vendor-specific fixed versions are listed by product branch. CISA’s CSAF item was published on 2025-06-24 and was last updated/republished on 2026-02-05 per the provided timeline and revision history. Recommended mitigations are drawn from the vendor remediation entries and CISA ICS guidance links in the source set.
Official resources
- CVE-2025-1718 CVE record (CVE.org)
- CVE-2025-1718 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2025-06-24 in CISA advisory ICSA-25-184-01, with subsequent republishing and updates reflected in the source revision history through 2026-02-05.