CVE-2025-65115 is a remote code execution vulnerability classified under CWE-73 (External Control of File Name or Path) in Hitachi JP1/IT Desktop Management 2 - Manager and related products on Windows. This vulnerability affects multiple versions ranging from 09-00 through 13-50, including JP1/IT Desktop Management 2 - Manager, Operations Director, Job Management Partner 1/IT Desktop Management, JP1/NETM/DM Manager and Client, and Job Management Partner 1/Software Distribution Manager and Client. The vulnerability allows an attacker with limited privileges to remotely execute arbitrary code by manipulating file names or paths. The CVSS 3.1 score is 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network attack vector, low attack complexity, required privileges, no user interaction, and high impact on confidentiality, integrity, and availability. No official patch or remediation has been published yet, and no known exploits are reported in the wild.

Successful exploitation of this vulnerability can lead to remote code execution with high impact on confidentiality, integrity, and availability of the affected systems. An attacker with limited privileges can potentially execute arbitrary code remotely, compromising the affected Hitachi JP1/IT Desktop Management products on Windows. This could result in full system compromise or disruption of management operations.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been published by Hitachi at this time. Users should monitor Hitachi's security advisories for updates and apply patches promptly once available. Until then, limit exposure of affected systems to untrusted networks and restrict user privileges where possible.