CVE-2025-65116 - Vulnerability Details

- Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM

Description

Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.

Published: 2026-04-07

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Buffer overflow vulnerability resides in the Windows versions of JP1/IT Desktop Management 2 Manager and Operations Director, as well as related JP1/NETM/DM Manager and Client components. This flaw allows an attacker, given suitable input, to exceed expected buffer limits, potentially leading to memory corruption. The impact of such corruption could include arbitrary code execution or denial of service, though the exact consequences depend on the exploited context. The weakness is classified as a buffer overflow (CWE‑763).

Affected Systems

Affected systems encompass several Hitachi product families: JP1/IT Desktop Management 2 Manager and Operations Director, JP1/IT Desktop Management (legacy) Manager, Job Management Partner 1/IT Desktop Management 2 Manager, Job Management Partner 1/IT Desktop Management Manager, JP1/NETM/DM Manager and Client, and Job Management Partner 1 Software Distribution Manager and Client. The issue affects Windows versions prior to the specified patch levels: for JP1/IT Desktop Management 2 Manager, versions 13‑50, 13‑11, 13‑10, 13‑01, 13‑00, 12‑60, and all releases 10‑50 through 12‑50‑11; for JP1/IT Desktop Management 2 Operations Director, the same set of pre‑patch releases; for Job Management Partner 1/IT Desktop Management 2 Manager, releases 10‑50 through 10‑50‑11; for JP1/IT Desktop Management Manager and Job Management Partner 1/IT Desktop Management Manager, releases 09‑50 through 10‑10‑16; for JP1/NETM/DM components, releases 09‑00 through 10‑20‑02; and for Job Management Partner 1 Software Distribution components, releases 09‑00 through 09‑51‑13.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity impact. The EPSS score of < 1% reflects a very low exploitation probability, and the vulnerability is not listed in the KEV catalog, suggesting no widespread exploitation has been reported. Based on the description, the likely attack vector is local misuse of privileged input to the affected Windows services, though remote exploitation cannot be ruled out. An attacker who successfully triggers the overflow could cause program crashes or potentially gain code execution, depending on the environment and privilege level.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hitachi

JP1/IT Desktop Management 2 - Manager

unaffected

Version	Status	Constraints
`13-50`	affected	< 13-50-02
`13-11`	affected	< 13-11-04
`13-10`	affected	< 13-10-07
`13-01`	affected	< 13-01-07
`13-00`	affected	< 13-00-05
`12-60`	affected	< 12-60-12
`10-50`	affected	≤ 12-50-11

Hitachi

JP1/IT Desktop Management 2 - Operations Director

unaffected

Version	Status	Constraints
`13-50`	affected	< 13-50-02
`13-11`	affected	< 13-11-04
`13-10`	affected	< 13-10-07
`13-01`	affected	< 13-01-07
`13-00`	affected	< 13-00-05
`12-60`	affected	< 12-60-12
`10-50`	affected	≤ 12-50-11

Hitachi

Job Management Partner 1/IT Desktop Management 2 - Manager

unaffected

Version	Status	Constraints
`10-50`	affected	≤ 10-50-11

Hitachi

JP1/IT Desktop Management - Manager

unaffected

Version	Status	Constraints
`09-50`	affected	≤ 10-10-16

Hitachi

Job Management Partner 1/IT Desktop Management - Manager

unaffected

Version	Status	Constraints
`09-50`	affected	≤ 10-10-16

Hitachi

JP1/NETM/DM Manager

unaffected

Version	Status	Constraints
`09-00`	affected	≤ 10-20-02

Hitachi

JP1/NETM/DM Client

unaffected

Version	Status	Constraints
`09-00`	affected	≤ 10-20-02

Hitachi

Job Management Partner 1/Software Distribution Manager

unaffected

Version	Status	Constraints
`09-00`	affected	≤ 09-51-13

Hitachi

Job Management Partner 1/Software Distribution Client

unaffected

Version	Status	Constraints
`09-00`	affected	≤ 09-51-13

Configuration 1 [-]

AND

OR	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::
	cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager::::::::