CVE-2025-9661 PUBLISHED

OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28

Assigner: Hitachi
Reserved: 29.08.2025 Published: 07.05.2026 Updated: 07.05.2026

OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.

This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.1

Product Status

Vendor Hitachi
Product Hitachi Virtual Storage Platform One Block 23
Versions Default: unaffected
  • affected from 0 to DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (excl.)
Vendor Hitachi
Product Hitachi Virtual Storage Platform One Block 24
Versions Default: unaffected
  • affected from 0 to DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (excl.)
Vendor Hitachi
Product Hitachi Virtual Storage Platform One Block 26
Versions Default: unaffected
  • affected from 0 to DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (excl.)
Vendor Hitachi
Product Hitachi Virtual Storage Platform One Block 28
Versions Default: unaffected
  • affected from 0 to DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (excl.)

References

Problem Types

  • CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection') CWE

Impacts

  • CAPEC-88 OS Command Injection