CVE-2025-1445

High

Published: 25 March 2025

Published

25 March 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0010 27.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1445 is a high-severity Missing Synchronization (CWE-820) vulnerability in Hitachienergy (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Flaw remediation directly mitigates the TLS renegotiation vulnerability in the IEC61850 stack on RTU500 devices by applying vendor patches.

SC-5 Denial-of-service Protection good match

preventdetect

Denial-of-service protection implements mechanisms to detect and block the timing-based TLS renegotiation attack disrupting IEC61850 communication availability.

SC-6 Resource Availability good match

prevent

Resource availability protections ensure critical IEC61850 communication resources remain operational despite TLS renegotiation-induced disruptions.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

The vulnerability enables unauthenticated network attackers to trigger DoS via TLS renegotiation timing flaw in the IEC61850 stack, directly mapping to application/system exploitation causing endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as…

client or server are configured using TLS on RTU500 device. It affects the CMU the IEC61850 stack is configured on.

Deeper analysisAI

CVE-2025-1445 is a vulnerability in the RTU IEC 61850 client and server functionality on the RTU500 device, specifically affecting the CMU where the IEC61850 stack is configured using TLS. The flaw occurs when renegotiation of an open IEC61850 TLS connection takes place in specific timing situations during active IEC61850 communication, potentially impacting availability. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-820.

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction. By initiating TLS renegotiation at precise timings while IEC61850 communication is active, they can disrupt service availability on the affected RTU500 device, resulting in a denial-of-service condition.

Mitigation guidance is available in the vendor advisory published by Hitachi Energy at https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true. The vulnerability was published on 2025-03-25.

Details

CWE(s): CWE-820

Affected Products

Hitachienergy

—

inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-22163Shared CWE-820

References

https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true
cybersecurity@hitachienergy.com