CVE-2025-65115 - Vulnerability Details

- Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM

Description

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.

Published: 2026-04-07

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An attacker can cause arbitrary code execution on a Windows system running any of Hitachi’s JP1/IT Desktop Management 2, JP1/NETM/DM, or Job Management Partner 1 components that satisfy the vulnerability matrix. The flaw, identified as CWE-73, arises from unsanitized handling of user‑controlled input, allowing execution of commands that target the underlying operating system. Successful exploitation would break confidentiality, integrity, and availability of the affected services and any data they manage.

Affected Systems

Affected vendors include Hitachi, with products JP1/IT Desktop Management 2 – Manager, Operations Director, JP1/IT Desktop Management – Manager, JP1/NETM/DM – Manager and Client, and Job Management Partner 1 – IT Desktop Management, IT Desktop Management 2 – Manager, Software Distribution Manager, and Software Distribution Client. Vulnerable versions range from 09‑50 through 10‑10‑16 for the JP1/IT Desktop Management series, from 09‑00 through 10‑20‑02 for the JP1/NETM/DM series, and from 09‑00 through 09‑51‑13 for the Job Management Partner 1 Software Distribution series. Within each series, all releases before the specified version markers (e.g., before 13‑50‑02, before 13‑11‑04, before 13‑10‑07, before 13‑01‑07, before 13‑00‑05, before 12‑60‑12, and earlier 10‑50 through 12‑50‑11) are affected.

Risk and Exploitability

The CVSS score of 8.8 classifies the vulnerability as high severity. The EPSS score of 0.00081 (or < 1%) indicates a very low probability of exploitation, but exploitation remains possible. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the attack vector requires network access to the management components, as the flaw is a remote code execution vulnerability on Windows installations of the product.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hitachi

JP1/IT Desktop Management 2 - Manager

unaffected

Version	Status	Constraints
`13-50`	affected	< 13-50-02
`13-11`	affected	< 13-11-04
`13-10`	affected	< 13-10-07
`13-01`	affected	< 13-01-07
`13-00`	affected	< 13-00-05
`12-60`	affected	< 12-60-12
`10-50`	affected	≤ 12-50-11

Hitachi

JP1/IT Desktop Management 2 - Operations Director

unaffected

Version	Status	Constraints
`13-50`	affected	< 13-50-02
`13-11`	affected	< 13-11-04
`13-10`	affected	< 13-10-07
`13-01`	affected	< 13-01-07
`13-00`	affected	< 13-00-05
`12-60`	affected	< 12-60-12
`10-50`	affected	≤ 12-50-11

Hitachi

Job Management Partner 1/IT Desktop Management 2 - Manager

unaffected

Version	Status	Constraints
`10-50`	affected	≤ 10-50-11

Hitachi

JP1/IT Desktop Management - Manager

unaffected

Version	Status	Constraints
`09-50`	affected	≤ 10-10-16

Hitachi

Job Management Partner 1/IT Desktop Management - Manager

unaffected

Version	Status	Constraints
`09-50`	affected	≤ 10-10-16

Hitachi

JP1/NETM/DM Manager

unaffected

Version	Status	Constraints
`09-00`	affected	≤ 10-20-02

Hitachi

JP1/NETM/DM Client

unaffected

Version	Status	Constraints
`09-00`	affected	≤ 10-20-02

Hitachi

Job Management Partner 1/Software Distribution Manager

unaffected

Version	Status	Constraints
`09-00`	affected	≤ 09-51-13

Hitachi

Job Management Partner 1/Software Distribution Client

unaffected

Version	Status	Constraints
`09-00`	affected	≤ 09-51-13

Configuration 1 [-]

AND

OR	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::