CVE-2025-9661

OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachi:virtual_storage_one_block:23:::::::*
	cpe:2.3:a:hitachi:virtual_storage_one_block:24:::::::*
	cpe:2.3:a:hitachi:virtual_storage_one_block:26:::::::*
	cpe:2.3:a:hitachi:virtual_storage_one_block:28:::::::*

History

08 May 2026, 16:59

Type	Values Removed	Values Added
References	~~() https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html -~~	() https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html - Vendor Advisory
First Time		Hitachi virtual Storage One Block Hitachi
CPE		cpe:2.3:a:hitachi:virtual_storage_one_block:24:::::::* cpe:2.3:a:hitachi:virtual_storage_one_block:28:::::::* cpe:2.3:a:hitachi:virtual_storage_one_block:26:::::::* cpe:2.3:a:hitachi:virtual_storage_one_block:23:::::::*

07 May 2026, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-07 08:16

Updated : 2026-05-08 16:59

NVD link : CVE-2025-9661

Mitre link : CVE-2025-9661

CVE.ORG link : CVE-2025-9661

JSON object : View

Products Affected

hitachi

virtual_storage_one_block

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-9661", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "hirt@hitachi.co.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-05-07T08:16:00.317", "references": [{"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html", "tags": ["Vendor Advisory"], "source": "hirt@hitachi.co.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "hirt@hitachi.co.jp", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."}], "lastModified": "2026-05-08T16:59:28.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:virtual_storage_one_block:23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46788D83-153E-42CF-ACA5-09506AA45D54"}, {"criteria": "cpe:2.3:a:hitachi:virtual_storage_one_block:24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC7E00FD-2148-457B-B91A-FDB575DF8DF7"}, {"criteria": "cpe:2.3:a:hitachi:virtual_storage_one_block:26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04B799D3-FCF2-4832-8E5D-65D5BE53F47D"}, {"criteria": "cpe:2.3:a:hitachi:virtual_storage_one_block:28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC55432F-8451-4859-A01A-946C26A793C6"}], "operator": "OR"}]}], "sourceIdentifier": "hirt@hitachi.co.jp"}