CVE Catalog

CVE-2025-2902

HighCVSS 8.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

9th percentile — higher than 9% of all known CVEs

Summary

An improper authorization vulnerability has been discovered in the maintenance utility of Hitachi Virtual Storage Platform systems. This flaw allows unauthorized access to maintenance functions, potentially compromising data integrity and confidentiality.

Risk Assessment

The risk includes potential takeover of the storage system by an unauthorized user, which could lead to data leakage or service disruption.

Recommendation

Immediately update DKCMAIN and GUM firmware to the versions specified in the vulnerability description. Restrict access to maintenance utilities to trusted administrators only.

Original NVD description (English source)

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS