CVE-2025-5781 PUBLISHED

Information Exposure Vulnerability in Hitachi Configuration Manager, Hitachi Ops Center API Configuration Manager

Assigner: Hitachi
Reserved: 06.06.2025 Published: 25.02.2026 Updated: 25.02.2026

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVSS Score: 5.2

Product Status

Vendor Hitachi
Product Hitachi Ops Center API Configuration Manager
Versions Default: unaffected
  • affected from 10.0.0-00 to 11.0.5-00 (excl.)
Vendor Hitachi
Product Hitachi Configuration Manager
Versions Default: unaffected
  • affected from 8.5.1-00 to 11.0.5-00 (excl.)
Vendor Hitachi
Product Hitachi Device Manager
Versions Default: unaffected
  • affected from 8.4.1-00 to 8.6.5-00 (excl.)

References

Problem Types

  • CWE-532 Insertion of Sensitive Information into Log File CWE

Impacts

  • CAPEC-593 Session Hijacking