Skip to main content

Hitachi Virtual Storage Platform One Block 23 24 26 28

1 CVEs product

Monthly

CVE-2025-0824 LOW Monitor

Firmware update signature bypass in Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28 allows an authenticated remote attacker to supply unvalidated firmware packages, potentially compromising storage array integrity and availability. The root cause is CWE-347 (Improper Verification of Cryptographic Signature), and the 'Jwt Attack' tag suggests the firmware validation chain relies on a JWT-based signing mechanism that can be circumvented under specific conditions. No public exploit code exists and the vulnerability is not listed in CISA KEV, but the self-disclosure by Hitachi with a coordinated patch release indicates vendor-confirmed severity.

Jwt Attack Information Disclosure Hitachi Virtual Storage Platform One Block 23 24 26 28
NVD VulDB
CVSS 3.1
3.7
EPSS
0.1%
EPSS 0% CVSS 3.7
LOW Monitor

Firmware update signature bypass in Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28 allows an authenticated remote attacker to supply unvalidated firmware packages, potentially compromising storage array integrity and availability. The root cause is CWE-347 (Improper Verification of Cryptographic Signature), and the 'Jwt Attack' tag suggests the firmware validation chain relies on a JWT-based signing mechanism that can be circumvented under specific conditions. No public exploit code exists and the vulnerability is not listed in CISA KEV, but the self-disclosure by Hitachi with a coordinated patch release indicates vendor-confirmed severity.

Jwt Attack Information Disclosure Hitachi Virtual Storage Platform One Block 23 24 26 28
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy