CVE-2025-2902

HIGH

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform

Title source: cna
STIX 2.1

Description

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.

References (1)

Core 1

Scores

CVSS v3 8.3
EPSS 0.0019
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (3)
Hitachi/Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H < DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00
Hitachi/Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H < DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00
Hitachi/Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 < DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00
Published Jun 29, 2026
Tracked Since Jun 29, 2026