CVE-2025-65116 | Hitachi JP1 IT Desktop Management 2 on Windows release of reference (sec-2026-118)

VDB-355717 · CVE-2025-65116 · SEC-2026-118 HITACHI JP1 IT DESKTOP MANAGEMENT 2 ON WINDOWS RELEASE OF REFERENCE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.4 $0-$5k 2.15+ Summaryinfo A vulnerability was found in Hitachi JP1 IT Desktop Management 2, Job Management Partner 1, IT Desktop Management, NETM DM Manager, DM Client, Software Distribution Manager and Software Distribution Client on Windows. It has been classified as problematic. Affected is an unknown function. This manipulation causes release of reference. This vulnerability is tracked as CVE-2025-65116. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended. Detailsinfo A vulnerability classified as problematic was found in Hitachi JP1 IT Desktop Management 2, Job Management Partner 1, IT Desktop Management, NETM DM Manager, DM Client, Software Distribution Manager and Software Distribution Client on Windows. Affected by this vulnerability is an unknown code block. The manipulation with an unknown input leads to a release of reference vulnerability. The CWE definition for the vulnerability is CWE-763. The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. As an impact it is known to affect availability. The summary by CVE is: Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13. The weakness was disclosed by Ruslan Sayfiev and Denis Faiustov as sec-2026-118. The advisory is shared at hitachi.com. This vulnerability is known as CVE-2025-65116 since 11/18/2025. The exploitation appears to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available. Upgrading eliminates this vulnerability. Productinfo Vendor Hitachi Name DM Client IT Desktop Management Job Management Partner 1 JP1 IT Desktop Management 2 NETM DM Manager Software Distribution Client Software Distribution Manager License commercial Website Vendor: https://www.hitachi.com/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.5 VulDB Meta Temp Score: 5.4 VulDB Base Score: 5.5 VulDB Temp Score: 5.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 5.5 CNA Vector (Hitachi): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Release of reference CWE: CWE-763 / CWE-404 CAPEC: 🔒 ATT&CK: 🔒 Physical: Partially Local: Yes Remote: No Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Timelineinfo 11/18/2025 CVE reserved 04/07/2026 +139 days Advisory disclosed 04/07/2026 +0 days VulDB entry created 04/07/2026 +0 days VulDB entry last update Sourcesinfo Vendor: hitachi.com Advisory: sec-2026-118 Researcher: Ruslan Sayfiev, Denis Faiustov Status: Confirmed CVE: CVE-2025-65116 (🔒) GCVE (CVE): GCVE-0-2025-65116 GCVE (VulDB): GCVE-100-355717 Entryinfo Created: 04/07/2026 10:24 Changes: 04/07/2026 10:24 (63) Complete: 🔍 Cache ID: 99:DD6:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸