CVE-2025-9661

HIGH

OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28

Title source: cna

Description

OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

References (1)

Core 1

Core References

https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html

Scores

CVSS v3 8.1

EPSS 0.0005

EPSS Percentile 14.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (8)

Hitachi/Hitachi Virtual Storage Platform One Block 23 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00

Hitachi/Hitachi Virtual Storage Platform One Block 24 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00

Hitachi/Hitachi Virtual Storage Platform One Block 26 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00

Hitachi/Hitachi Virtual Storage Platform One Block 28 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00

hitachi/virtual_storage_one_block 23

hitachi/virtual_storage_one_block 24

hitachi/virtual_storage_one_block 26

hitachi/virtual_storage_one_block 28

Published May 07, 2026

Tracked Since May 07, 2026