PatchSiren cyber security CVE debrief
CVE-2025-27632 Hitachi Energy CVE debrief
CVE-2025-27632 is a medium-severity Host Header Injection vulnerability in Hitachi Energy TRMTracker. According to CISA’s advisory, an attacker who can influence the Host header in an HTTP request may be able to leverage multiple attack vectors, including defacing site content through web-cache poisoning. Hitachi Energy and CISA both published guidance on 2025-03-25, and affected versions include TRMTracker 6.2.04 and below as well as 6.3.0 and 6.3.01.
- Vendor: Hitachi Energy
- Product: TRMTracker
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-25
- Original CVE updated: 2025-03-25
- Advisory published: 2025-03-25
- Advisory updated: 2025-03-25
Who should care
Organizations that operate Hitachi Energy TRMTracker, especially industrial control system environments with web-accessible TRMTracker instances. Security teams should also care if the application is fronted by shared caches, reverse proxies, or other infrastructure that could amplify host-header manipulation.
Technical summary
The advisory describes a Host Header Injection weakness in TRMTracker. The attacker model is HTTP-request based: by modifying the Host header, an attacker may be able to influence application behavior in ways that enable cache poisoning and content defacement. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which describes a network-reachable, low-complexity issue that requires no privileges but does require user interaction, with changed scope, low impact on confidentiality and integrity, and no impact on availability.
Defensive priority
Moderate to high priority for exposed TRMTracker deployments. Although the CVSS score is medium (6.1), the issue is network-reachable and can impact externally visible content. Prioritize remediation on internet-facing or widely reachable installations, especially where caches or proxies are present.
Recommended defensive actions
- Update TRMTracker to version 6.2.04.014 or later if you are on the 6.2.x line.
- Update TRMTracker to version 6.3.02 if you are on the 6.3.x line.
- Review and apply the vendor’s general mitigation factors for affected TRMTracker installations.
- Check for any reverse proxy, load balancer, or cache configurations that may pass untrusted Host header values through to the application.
- Validate that operational monitoring can detect unexpected content changes or cache-related anomalies on the TRMTracker site.
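As an added example for the reverse-proxy check above (not code from Hitachi Energy, CISA, or the advisory): a Python check that flags requests whose Host or X-Forwarded-Host value falls outside an allowlist, including duplicate and malformed Host headers. The hostname `trmtracker.example.com`, port 443, the function names and the sample requests are assumptions constructed for illustration.

```python
# Added example: flag requests whose Host-related headers fall outside an allowlist.
# Assumption: the hostname and port below are placeholders for the site's real values.
import re

ALLOWED_HOSTS = {"trmtracker.example.com"}
ALLOWED_PORTS = {None, 443}              # None = no explicit port in the header
OVERRIDE_HEADERS = {"x-forwarded-host"}  # should be set by your proxy, never by clients

_HOST_RE = re.compile(r"([A-Za-z0-9.-]+)(?::(\d{1,5}))?")

def normalize_host(value):
    """Return (hostname, port) for a well-formed host value, else None."""
    m = _HOST_RE.fullmatch(value.strip())
    if not m:
        return None  # userinfo ('@'), comma lists, paths, inner whitespace, etc.
    name = m.group(1).lower().rstrip(".")  # case-insensitive, ignore trailing dot
    port = int(m.group(2)) if m.group(2) else None
    return (name, port) if name else None

def is_allowed(value):
    parsed = normalize_host(value)
    return parsed is not None and parsed[0] in ALLOWED_HOSTS and parsed[1] in ALLOWED_PORTS

def check_request(headers):
    """headers: (name, value) pairs as received at the edge. Returns findings."""
    findings = []
    hosts = [v for k, v in headers if k.lower() == "host"]
    if len(hosts) != 1:
        findings.append(f"expected one Host header, got {len(hosts)}")
    for name, value in headers:
        if name.lower() == "host" or name.lower() in OVERRIDE_HEADERS:
            if not is_allowed(value):
                findings.append(f"{name} not allowlisted: {value!r}")
    return findings

# Constructed sample requests (not taken from the advisory or any real log).
SAMPLE_REQUESTS = [
    [("Host", "trmtracker.example.com")],
    [("Host", "TRMTracker.Example.com.:443")],
    [("Host", "unexpected.invalid")],
    [("Host", "trmtracker.example.com"), ("Host", "unexpected.invalid")],
    [("Host", "trmtracker.example.com"), ("X-Forwarded-Host", "unexpected.invalid")],
    [("Host", "trmtracker.example.com@unexpected.invalid")],
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req, "->", check_request(req) or "ok")
```

The same allowlist logic belongs at the proxy or cache tier, so that a request with an unrecognized Host value is rejected before it can reach the application or be stored in a shared cache.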
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-093-02 for Hitachi Energy TRMTracker. The source states that the vulnerability is a Host Header Injection issue that may allow an attacker to modify the host header in an HTTP request and leverage attack vectors including web-cache poisoning and site defacement. The affected products listed are TRMTracker versions 6.2.04 and below, and TRMTracker versions 6.3.0 and 6.3.01. Remediation guidance in the source specifies upgrading to 6.2.04.014 or 6.3.02, depending on the product line.
Official resources
- CVE-2025-27632 CVE record (CVE.org)
- CVE-2025-27632 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CVE-2025-27632 was published and last modified on 2025-03-25T13:30:00Z. CISA’s ICSA-25-093-02 advisory and the vendor advisory were published the same day, and the issue was not listed as a Known Exploited Vulnerability in the supplied data.