Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
Summary
| CVE | CVE-2025-1978 |
|---|---|
| State | PUBLISHED |
| Assigner | Hitachi |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-07 09:16:26 UTC |
| Updated | 2026-05-13 19:15:52 UTC |
| Description | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.003170000 probability, percentile 0.548600000 (date 2026-05-21)
Problem Types: CWE-94 | CWE-94 CWE-94 Improper Control of Generation of Code ('Code Injection')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | [email protected] | Secondary | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
| 3.1 | CNA | CVSS | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hitachi | Virtual Storage One Block | 23 | All | All | All |
| Application | Hitachi | Virtual Storage One Block | 24 | All | All | All |
| Application | Hitachi | Virtual Storage One Block | 26 | All | All | All |
| Application | Hitachi | Virtual Storage One Block | 28 | All | All | All |
| Hardware | Hitachi | Vsp E1090 | - | All | All | All |
| Hardware | Hitachi | Vsp E1090h | - | All | All | All |
| Operating System | Hitachi | Vsp E1090h Firmware | - | All | All | All |
| Operating System | Hitachi | Vsp E1090 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp E390 | - | All | All | All |
| Hardware | Hitachi | Vsp E390h | - | All | All | All |
| Operating System | Hitachi | Vsp E390h Firmware | - | All | All | All |
| Operating System | Hitachi | Vsp E390 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp E590 | - | All | All | All |
| Hardware | Hitachi | Vsp E590h | - | All | All | All |
| Operating System | Hitachi | Vsp E590h Firmware | - | All | All | All |
| Operating System | Hitachi | Vsp E590 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp E790 | - | All | All | All |
| Hardware | Hitachi | Vsp E790h | - | All | All | All |
| Operating System | Hitachi | Vsp E790h Firmware | - | All | All | All |
| Operating System | Hitachi | Vsp E790 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp E990 | - | All | All | All |
| Operating System | Hitachi | Vsp E990 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp F350 | - | All | All | All |
| Operating System | Hitachi | Vsp F350 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp F370 | - | All | All | All |
| Operating System | Hitachi | Vsp F370 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp F700 | - | All | All | All |
| Operating System | Hitachi | Vsp F700 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp F900 | - | All | All | All |
| Operating System | Hitachi | Vsp F900 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp G130 | - | All | All | All |
| Operating System | Hitachi | Vsp G130 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp G150 | - | All | All | All |
| Operating System | Hitachi | Vsp G150 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp G350 | - | All | All | All |
| Operating System | Hitachi | Vsp G350 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp G370 | - | All | All | All |
| Operating System | Hitachi | Vsp G370 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp G700 | - | All | All | All |
| Operating System | Hitachi | Vsp G700 Firmware | - | All | All | All |
| Hardware | Hitachi | Vsp G900 | - | All | All | All |
| Operating System | Hitachi | Vsp G900 Firmware | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Hitachi | Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 | affected DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 | affected DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 | affected DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 | affected DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 | affected DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H | affected DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H | affected DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H | affected DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H | affected DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H | affected DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform One Block 23 One Block 24 One Block 26 One Block 28 | affected DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform One Block 23 One Block 24 One Block 26 One Block 28 | affected DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform One Block 23 One Block 24 One Block 26 One Block 28 | affected DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform One Block 23 One Block 24 One Block 26 One Block 28 | affected DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 custom | Not specified |
| CNA | Hitachi | Hitachi Virtual Storage Platform One Block 23 One Block 24 One Block 26 One Block 28 | affected DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.html | [email protected] | www.hitachi.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Thomas Josef Riedmaier, Siemens Energy. (en)
There are currently no legacy QID mappings associated with this CVE.