CVE-2025-2902

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform

Assigner: Hitachi
Reserved: 28.03.2025 Published: 29.06.2026 Updated: 29.06.2026

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.

This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CVSS Score: 8.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Hitachi
Product	Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H
Versions	Default: unaffected affected from 0 to DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00 (excl.)

Vendor

Hitachi

Product

Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H

Versions

Default: unaffected

affected from 0 to DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00 (excl.)

Vendor	Hitachi
Product	Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H
Versions	Default: unaffected affected from 0 to DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00 (excl.)

Vendor

Hitachi

Product

Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H

Versions

Default: unaffected

affected from 0 to DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00 (excl.)

Vendor	Hitachi
Product	Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900
Versions	Default: unaffected affected from 0 to DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00 (excl.)

Vendor

Hitachi

Product

Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900

Versions

Default: unaffected

affected from 0 to DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00 (excl.)

References

Problem Types

CWE-862 Missing Authorization CWE

Impacts

CAPEC-115 Authentication Bypass

CVE-2025-2902 PUBLISHED

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform

Metrics

Product Status

References

Problem Types

Impacts