CVE-2025-9661

Summary

OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.

This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

Affected Software

VendorProductVersion RangeStatus
HitachiHitachi Virtual Storage Platform One Block 230 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00affected
HitachiHitachi Virtual Storage Platform One Block 240 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00affected
HitachiHitachi Virtual Storage Platform One Block 260 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00affected
HitachiHitachi Virtual Storage Platform One Block 280 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00affected

Weaknesses

  • CWE-78: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References