PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-2902 Hitachi CVE debrief

CVE-2025-2902 is an Improper Authorization vulnerability in the Maintenance Utility of Hitachi Virtual Storage Platform. It affects multiple models, including E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H, G130, G150, G350, G370, G700, G900, F350, F370, F700, and F900. The vulnerability has a CVSS score of 8.3 (high severity). The affected versions are those before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00 for E-series; before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00 for 5100 and 5500 series; and before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00 for G and F series.

Vendor: Hitachi
Product: Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H
CVSS: HIGH 8.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-29
Original CVE updated: 2026-06-29
Advisory published: 2026-06-29
Advisory updated: 2026-06-29

Who should care

Organizations using Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H, G130, G150, G350, G370, G700, G900, F350, F370, F700, and F900 should be aware of this vulnerability, which is rated high severity (CVSS 8.3). Users of these products should review their inventory and apply the necessary patches or updates to mitigate the vulnerability.

Technical summary

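The vulnerability is caused by improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform. This allows an attacker to perform unauthorized actions on the system. The vulnerability affects multiple models of Hitachi Virtual Storage Platform and has a CVSS score of 8.3 (high severity). The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H: the attack vector is the network, attack complexity is low, low privileges are required, no user interaction is needed, scope is unchanged, and the impact is low on confidentiality and high on integrity and availability. The weakness associated with this vulnerability is CWE-862 (Missing Authorization).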

Defensive priority

High priority should be given to patching or updating the affected Hitachi Virtual Storage Platform models. Organizations should review their inventory and apply the necessary patches or updates to mitigate the vulnerability.

Recommended defensive actions

  • Review inventory of Hitachi Virtual Storage Platform models E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H, G130, G150, G350, G370, G700, G900, F350, F370, F700, and F900.
  • Apply patches or updates to DKCMAIN and GUM for affected models.
  • Monitor system logs for suspicious activity.
  • Implement compensating controls to limit access to the Maintenance Utility.
  • Verify the integrity of system configurations.
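
The inventory review in the first two actions can be scripted. The following is an added example, not code from PatchSiren or Hitachi: it triages constructed inventory rows against the fixed DKCMAIN and GUM versions stated above. It assumes that version strings order by their first three numeric fields and that the 5100H and 5500H share the 5100/5500 fixed versions; the asset names and status labels are hypothetical.

```python
import re

# Fixed versions as stated on this page: series -> (DKCMAIN, GUM).
FIXED = {
    "E": ("93-07-26-xx/00", "93-07-26/00"),
    "5100/5500": ("90-09-27-00/00", "90-09-27/00"),
    "G/F": ("88-08-16-xx/00", "88-08-20/00"),
}
SERIES = {m: "E" for m in "E390 E590 E790 E990 E1090 E390H E590H E790H E1090H".split()}
SERIES.update({m: "G/F" for m in "G130 G150 G350 G370 G700 G900 F350 F370 F700 F900".split()})
# Assumption: the H variants share the 5100/5500 fixed versions.
SERIES.update({m: "5100/5500" for m in "5100 5500 5100H 5500H".split()})
# Listed as affected, but the page states no fixed version for these models.
NO_FIXED_VERSION = set("5200 5600 5200H 5600H".split())

def ver(s):
    """Leading three numeric fields of 'NN-NN-NN[-xx]/NN' as a comparable tuple
    (assumed ordering; the 'xx' field and the '/NN' suffix are ignored)."""
    fields = re.findall(r"\d+", s.split("/")[0])[:3]
    if len(fields) < 3:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(f) for f in fields)

def triage(model, dkcmain, gum):
    """Return a hypothetical status label for one storage array."""
    model = model.strip().upper()
    if model in NO_FIXED_VERSION:
        return "CHECK_ADVISORY"
    if model not in SERIES:
        return "NOT_LISTED"
    fixed_dkc, fixed_gum = FIXED[SERIES[model]]
    # Treat the array as unpatched unless both components are at or above the fixed level.
    if ver(dkcmain) < ver(fixed_dkc) or ver(gum) < ver(fixed_gum):
        return "VULNERABLE"
    return "FIXED"

# Constructed inventory rows: (asset name, model, DKCMAIN, GUM).
INVENTORY = [
    ("array-01", "E590", "93-07-25-40/00", "93-07-25/00"),
    ("array-02", "G700", "88-08-16-60/00", "88-08-19/00"),
    ("array-03", "5500H", "90-09-27-00/00", "90-09-27/00"),
    ("array-04", "5600", "90-09-27-00/00", "90-09-27/00"),
]

def report(inventory):
    return {name: triage(model, dkc, gum) for name, model, dkc, gum in inventory}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```

Arrays returned as CHECK_ADVISORY are on the affected list but have no fixed version on this page, so their status has to come from the vendor advisory.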

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and affected products. The source reference provides additional information from Hitachi on the vulnerability.

This article is AI-assisted and based on the supplied source corpus.