CVE-2025-2902
HIGHImproper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform
Title source: cnaDescription
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_305.html
Scores
CVSS v3
8.3
EPSS
0.0019
EPSS Percentile
9.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (3)
Hitachi/Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H
< DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00
Hitachi/Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H
< DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00
Hitachi/Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900
< DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00
Published
Jun 29, 2026
Tracked Since
Jun 29, 2026