Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities found for virtual_storage_one_block by hitachi

    CVE-2025-2514 (GCVE-0-2025-2514)

    Vulnerability from nvd – Published: 2026-05-07 07:30 – Updated: 2026-05-07 13:41
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
    Summary
    Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
    Severity
    5.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper restriction of excessive authentication attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    		Create a notification for this product.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:41:07.277696Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T13:41:12.214Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.\u003c/p\u003e"
            }
          ],
          "value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-49",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-49 Password Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307 Improper restriction of excessive authentication attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T07:30:28.144Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2026-306",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2025-2514",
    "datePublished": "2026-05-07T07:30:28.144Z",
    "dateReserved": "2025-03-19T01:13:12.468Z",
    "dateUpdated": "2026-05-07T13:41:12.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2025-1978 (GCVE-0-2025-1978)

    Vulnerability from nvd – Published: 2026-05-07 08:05 – Updated: 2026-05-07 13:40
    VLAI
    Title
    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
    Summary
    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
    Severity
    8.3 (High)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    		Create a notification for this product.
    Credits
    Thomas Josef Riedmaier, Siemens Energy.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:39:55.440215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T13:40:00.385Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thomas Josef Riedmaier, Siemens Energy."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T08:05:42.743Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2026-307",
        "discovery": "EXTERNAL"
      },
      "title": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2025-1978",
    "datePublished": "2026-05-07T08:05:42.743Z",
    "dateReserved": "2025-03-05T03:18:02.426Z",
    "dateUpdated": "2026-05-07T13:40:00.385Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2025-9661 (GCVE-0-2025-9661)

    Vulnerability from nvd – Published: 2026-05-07 07:08 – Updated: 2026-05-07 13:02
    VLAI
    Title
    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28
    Summary
    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
    Severity
    8.1 (High)
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform One Block 23 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 24 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 26 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 28 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    		Create a notification for this product.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9661",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:02:14.993613Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T13:02:35.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 23",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 24",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 26",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 28",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eOS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/span\u003e\u003c/div\u003e"
            }
          ],
          "value": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T07:08:14.823Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2026-309",
        "discovery": "UNKNOWN"
      },
      "title": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2025-9661",
    "datePublished": "2026-05-07T07:08:14.823Z",
    "dateReserved": "2025-08-29T07:14:42.691Z",
    "dateUpdated": "2026-05-07T13:02:35.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2025-1978 (GCVE-0-2025-1978)

    Vulnerability from cvelistv5 – Published: 2026-05-07 08:05 – Updated: 2026-05-07 13:40
    VLAI
    Title
    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
    Summary
    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
    Severity
    8.3 (High)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    		Create a notification for this product.
    Credits
    Thomas Josef Riedmaier, Siemens Energy.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:39:55.440215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T13:40:00.385Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thomas Josef Riedmaier, Siemens Energy."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T08:05:42.743Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2026-307",
        "discovery": "EXTERNAL"
      },
      "title": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2025-1978",
    "datePublished": "2026-05-07T08:05:42.743Z",
    "dateReserved": "2025-03-05T03:18:02.426Z",
    "dateUpdated": "2026-05-07T13:40:00.385Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2025-2514 (GCVE-0-2025-2514)

    Vulnerability from cvelistv5 – Published: 2026-05-07 07:30 – Updated: 2026-05-07 13:41
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
    Summary
    Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
    Severity
    5.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper restriction of excessive authentication attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    		Create a notification for this product.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:41:07.277696Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T13:41:12.214Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.\u003c/p\u003e"
            }
          ],
          "value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-49",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-49 Password Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307 Improper restriction of excessive authentication attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T07:30:28.144Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2026-306",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2025-2514",
    "datePublished": "2026-05-07T07:30:28.144Z",
    "dateReserved": "2025-03-19T01:13:12.468Z",
    "dateUpdated": "2026-05-07T13:41:12.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2025-9661 (GCVE-0-2025-9661)

    Vulnerability from cvelistv5 – Published: 2026-05-07 07:08 – Updated: 2026-05-07 13:02
    VLAI
    Title
    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28
    Summary
    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
    Severity
    8.1 (High)
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform One Block 23 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 24 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 26 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    		Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 28 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    		Create a notification for this product.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9661",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:02:14.993613Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T13:02:35.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 23",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 24",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 26",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Hitachi Virtual Storage Platform One Block 28",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eOS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/span\u003e\u003c/div\u003e"
            }
          ],
          "value": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T07:08:14.823Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2026-309",
        "discovery": "UNKNOWN"
      },
      "title": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2025-9661",
    "datePublished": "2026-05-07T07:08:14.823Z",
    "dateReserved": "2025-08-29T07:14:42.691Z",
    "dateUpdated": "2026-05-07T13:02:35.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}