Skip to main content

Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H EUVDEUVD-2025-210368

| CVE-2025-2902 HIGH
Missing Authorization (CWE-862)
2026-06-29 Hitachi GHSA-3mc2-p59g-jpp4
8.3
CVSS 3.1 · Vendor: Hitachi
Share

Severity by source

Vendor (Hitachi) PRIMARY
8.3 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Primary rating from Vendor (Hitachi) · only source for this CVE.

CVSS VectorVendor: Hitachi

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 29, 2026 - 07:17 vuln.today

DescriptionCVE.org

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.

This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.

AnalysisAI

Improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows an authenticated low-privileged user to perform actions beyond their authorization, undermining the integrity and availability of the storage controller. The flaw affects the VSP E-series, VSP 5000-series, and VSP G/F-series families running pre-fix DKCMAIN and GUM firmware, and was reported by Hitachi itself; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Share

EUVD-2025-210368 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy