CVE-2025-0824 Hitachi CVE debrief

Who should care

Organizations using Hitachi Virtual Storage Platform One Block 23, 24, 26, or 28 should be aware of this vulnerability. Specifically, those with versions before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00, should take action. IT administrators and cybersecurity teams responsible for Hitachi storage solutions should review and apply necessary updates.

Technical summary

The vulnerability (CVE-2025-0824) is caused by a lack of validation for firmware updates in Hitachi Virtual Storage Platform One Block 23, 24, 26, and 28. The CVSS score for this vulnerability is 3.7, indicating a low severity. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L. It is classified under CWE-347. The vulnerability was disclosed on June 29, 2026.

Defensive priority

Given the low CVSS score of 3.7, this vulnerability is considered a lower priority for immediate action. However, it is still important for organizations using affected versions of Hitachi Virtual Storage Platform One Block to assess their exposure and apply updates as part of regular maintenance.

Recommended defensive actions

• Verify the version of Hitachi Virtual Storage Platform One Block in use and compare it to the affected versions.
• Check for and apply any available firmware updates to ensure the system is running DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 or later.
• Review and update inventory records to reflect the current firmware versions of all Hitachi Virtual Storage Platform One Block systems.
• Monitor for any advisories or further information from Hitachi regarding this vulnerability.
• Consider implementing compensating controls if immediate patching is not feasible.

Evidence notes

The CVE-2025-0824 record was obtained from the National Vulnerability Database (NVD). The CVE was published and modified on June 29, 2026. Hitachi has provided a security information page related to this issue. The CWE classification for this vulnerability is CWE-347.

Official resources