CVE-2025-65115 (CVSS 8.8) affects a broad range of Hitachi JP1 IT management and software distribution products on Windows, spanning versions from 2009 through 2025, via a CWE-73 external file path control flaw enabling arbitrary code execution. Patched versions are available for the JP1/IT Desktop Management 2 and Operations Director branches; legacy product lines (JP1/NETM/DM, Job Management Partner 1 legacy) should be assessed against Hitachi’s advisory for migration or workaround guidance. These products typically operate with elevated privileges on managed endpoints, amplifying the impact of successful exploitation.