RCE in Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390h, E590h, E790h, E1090h
CVE-2025-1978
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.001 (28.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L.
Affected products
- Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390h, E590h, E790h, E1090h — versions 0
- Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 — versions 0
- Hitachi Virtual Storage Platform One Block 23, 24, 26, 28 — versions 0
- Hitachi Virtual_storage_one_block — versions 23, 24, 26
- Hitachi Vsp_e1090
- Hitachi Vsp_e1090_firmware
- Hitachi Vsp_e1090h
- Hitachi Vsp_e1090h_firmware
- Hitachi Vsp_e390
- Hitachi Vsp_e390_firmware
Weakness classification (CWE)
References
- hirt@hitachi.co.jp (Vendor Advisory)
Frequently asked questions
- What is CVE-2025-1978?
- CVE-2025-1978 is a high-severity vulnerability in Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390h, E590h, E790h, E1090h, classified under Code Injection. CVSS score: 8.3/10. Published 2026-05-07.
- How severe is CVE-2025-1978?
- High severity. CVSS v3 base score is 8.3 out of 10.