CVE-2025-1978— Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-1978
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
Source: NVD (National Vulnerability Database)
Vulnerability Description
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Hitachi Virtual Storage Platform和Hitachi Virtual Storage Platform One Block 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Hitachi Virtual Storage Platform和Hitachi Virtual Storage Platform One Block都是日本日立制作所(Hitachi)公司的产品。Hitachi Virtual Storage Platform是一系列用于数据中心的计算机数据存储系统。Hitachi Virtual Storage Platform One Block是一款高性能块存储系统设备。 Hitachi Virtual Storage Platform和Hitachi Virtu
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 | 0 ~ DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 | - | |
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H | 0 ~ DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 | - | |
| Hitachi | Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 | 0 ~ DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 | - |
II. Public POCs for CVE-2025-1978
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-1978
请登录查看更多情报信息。
Same Patch Batch · Hitachi · 2026-05-07 · 3 CVEs total
| CVE-2025-9661 | 8.1 HIGH | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi |
| CVE-2025-2514 | 5.3 MEDIUM | Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual |
IV. Related Vulnerabilities
Same vendor: Hitachi
- CVE-2025-2514
Improper Restriction of Excessive Authentication Attempts vu - CVE-2025-9661
OS command injection vulneravility in the management gui (ma - CVE-2025-65116
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - CVE-2025-65115
Remote Code Execution Vulnerability in JP1/IT Desktop Manage - CVE-2026-2072
Cross-Site Scripting vulnerability in Hitachi Infrastructure
Same weakness: CWE-94
- CVE-2021-47939
Evolution CMS 3.1.6 Authenticated Remote Code Execution via - CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution via Autotasks - CVE-2021-47935
Sentry 8.2.0 Remote Code Execution via Pickle Deserializatio - CVE-2022-50944
Aero CMS 0.0.1 PHP Code Injection via posts.php - CVE-2026-8211
codelibs Fess JSP File AdminDesignAction.java update code in
V. Comments for CVE-2025-1978
No comments yet