Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H
EUVD-2025-210368
|
CVE-2025-2902
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Primary rating from Vendor (Hitachi) · only source for this CVE.
CVSS VectorVendor: Hitachi
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.
This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
AnalysisAI
Improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows an authenticated low-privileged user to perform actions beyond their authorization, undermining the integrity and availability of the storage controller. The flaw affects the VSP E-series, VSP 5000-series, and VSP G/F-series families running pre-fix DKCMAIN and GUM firmware, and was reported by Hitachi itself; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
More in Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H
View allRemote code execution in Hitachi Virtual Storage Platform G, F, E, and One Block series allows unauthenticated network a
Improper restriction of excessive authentication attempts in Hitachi Virtual Storage Platform series (G-series, F-series
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-3mc2-p59g-jpp4