CVE-2025-27632
Published: 25 March 2025
Summary
CVE-2025-27632 is a medium-severity Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644) vulnerability in Hitachienergy (inferred from references). Its CVSS base score is 6.1 (Medium).
Operationally, ranked at the 47.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14835
Vulnerability details
A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.