Skip to main content

Hitachi Virtual Storage Platform G1000 G1500 F1500 Vx7

1 CVEs product

Monthly

CVE-2025-7386 MEDIUM This Month

Credential exposure in Hitachi Storage Navigator allows authenticated storage administrators to extract insufficiently protected credentials through the network-accessible management interface, potentially enabling lateral movement to systems outside the storage platform's authorization boundary. Affected platforms span the Hitachi VSP 5000-series and G/F/VX-series enterprise storage arrays running pre-patch firmware versions on both the DKCMAIN and SVP components. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the CVSS Scope:Changed metric indicates that exposed credentials could be leveraged against systems well beyond Storage Navigator itself.

Information Disclosure Hitachi Virtual Storage Platform 5100 5200 5500 5600 5100H 5200H 5500H 5600H Vx8 Hitachi Virtual Storage Platform G1000 G1500 F1500 Vx7
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
EPSS 0% CVSS 6.8
MEDIUM This Month

Credential exposure in Hitachi Storage Navigator allows authenticated storage administrators to extract insufficiently protected credentials through the network-accessible management interface, potentially enabling lateral movement to systems outside the storage platform's authorization boundary. Affected platforms span the Hitachi VSP 5000-series and G/F/VX-series enterprise storage arrays running pre-patch firmware versions on both the DKCMAIN and SVP components. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the CVSS Scope:Changed metric indicates that exposed credentials could be leveraged against systems well beyond Storage Navigator itself.

Information Disclosure Hitachi Virtual Storage Platform 5100 5200 5500 5600 5100H 5200H 5500H 5600H Vx8 Hitachi Virtual Storage Platform G1000 G1500 F1500 Vx7
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy