CVE-2025-1036
Published 2025-10-28
CVE-2025-1036: Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access…
Priority: P2 · 64 · high · 8.7 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 1.09% (61.2th percentile)
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | tropos_4th_gen | 8.7.0.0 – 8.9.6.0 | — |
Detection & IOCs (extracted from sources)
- Monitor for OS command injection attempts targeting the 'Logging' page of the TropOS web-based configuration utility from low-privileged authenticated users
- Alert on unexpected root SSH sessions originating from the TropOS 4th Gen device, which may indicate successful exploitation of CVE-2025-1036 via the Logging page command injection
- Vulnerability only affects TropOS 4th Gen Firmware versions 8.9.6.0 and prior; devices updated to 8.9.7.0 are not affected
- Exploitation requires authenticated access (low-privileged) to the web-based configuration utility; unauthenticated remote exploitation is not possible
- No known public exploitation of this vulnerability has been reported at time of advisory publication
GHSA
GHSA-4h48-5g6c-r5j3: Command injection vulnerability exists in the “Logging” page of the web-based configuration utility
ghsa_unreviewed·2025-10-28
CVE-2025-1036 [HIGH] CWE-78 GHSA-4h48-5g6c-r5j3: Command injection vulnerability exists in the “Logging” page of the web-based configuration utility
CISA ICS
Hitachi Energy TropOS
cisa_ics·2025-10-30·CVSS 8.7
[HIGH] Hitachi Energy TropOS
ICS Advisory
## Hitachi Energy TropOS
Release Date: October 30, 2025
Alert Code: ICSA-25-303-02
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: TropOS
- Vulnerabilities: OS Command Injection, Improper Privilege Management
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow command injections and privilege escalation.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports TropOS wireless devices are affected when using the following firmware versions:
- TropOS 4th Gen Firmware: versions 8.9.6.0 and prior (CVE-2025-1036, CVE-2025-1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.