
Microsoft CVE-2025-65116

EUVD: EUVD-2025-209257 | MEDIUM
Release of Invalid Pointer or Reference (CWE-763)
2026-04-07 Hitachi
5.5
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Apr 16, 2026 - 05:29 (EUVD): Patch available (13-00-05, 12-60-12, 13-11-04)
Apr 07, 2026 - 06:15 (EUVD): EUVD ID assigned (EUVD-2025-209257)
Apr 07, 2026 - 06:15 (vuln.today): Analysis generated
Apr 07, 2026 - 05:43 (NVD): CVE published (MEDIUM 5.5)

Description (CVE.org)

Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.

This issue affects:
JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11;
JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11;
Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11;
JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16;
Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16;
JP1/NETM/DM Manager: from 09-00 through 10-20-02;
JP1/NETM/DM Client: from 09-00 through 10-20-02;
Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13;
Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.

Analysis (AI)

A buffer overflow in the Hitachi JP1/IT Desktop Management suite and Job Management Partner 1 software on Windows allows a local authenticated user to cause a denial of service by triggering memory corruption in the affected manager and client components. The vulnerability spans multiple product lines and versions. The CVSS 3.1 base score of 5.5 (Medium) reflects a local attack vector with impact limited to availability; active exploitation has not been confirmed.

Technical Context (AI)

The vulnerability is classified as CWE-763 (Release of Invalid Pointer or Reference), a weakness in which a program returns memory to the system through the wrong release function or with a pointer that is not valid for that function. The CVE description characterizes the issue as a buffer overflow; in both readings the result is memory corruption in the affected process. The affected Hitachi products (JP1/IT Desktop Management 2 Manager/Operations Director, JP1/IT Desktop Management Manager, JP1/NETM/DM Manager/Client, and Job Management Partner 1 Software Distribution Manager/Client) run on Windows. The CVSS vector AV:L/AC:L/PR:L/UI:N indicates a local attack vector with low complexity that requires low-privilege authenticated access and no user interaction, and C:N/I:N/A:H limits the rated impact to availability. That profile is consistent with a flaw reached through a local interface such as inter-process communication, file parsing, or local API handling within these management and distribution platforms, but the sources on this page do not identify the affected code path.

Remediation (AI)

Update to patched versions: JP1/IT Desktop Management 2 Manager/Operations Director to 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, or 12-60-12 depending on your current version; Job Management Partner 1/IT Desktop Management 2 Manager to 10-50-12 or later; JP1/IT Desktop Management Manager/Job Management Partner 1/IT Desktop Management Manager to 10-10-17 or later; JP1/NETM/DM Manager/Client to 10-20-03 or later; Job Management Partner 1/Software Distribution Manager/Client to 09-51-14 or later. Organizations should consult the Hitachi security advisory at https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/ for exact patch availability dates and detailed update procedures. Given the local-only attack vector, prioritize updating systems that support shared logins or host untrusted users; manager components should be updated first to prevent potential cascading impact on managed endpoints.
