Auth bypass in Hitachi Virtual Storage Platform 5100, 5500, 5100h, 5500h, 5200, 5600, 5200h, 5600h
CVE-2025-2902
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-…
Vulnerability class: Broken Access Control
EPSS: 0.002 (9.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H.
Affected products
- Hitachi Virtual Storage Platform 5100, 5500, 5100h, 5500h, 5200, 5600, 5200h, 5600h — versions 0
- Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390h, E590h, E790h, E1090h — versions 0
- Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 — versions 0
Weakness classification (CWE)
References
- hirt@hitachi.co.jp (vendor-advisory)
Frequently asked questions
- What is CVE-2025-2902?
- CVE-2025-2902 is a high-severity vulnerability in Hitachi Virtual Storage Platform 5100, 5500, 5100h, 5500h, 5200, 5600, 5200h, 5600h, classified under Missing Authorization. CVSS score: 8.3/10. Published 2026-06-29.
- How severe is CVE-2025-2902?
- High severity. CVSS v3 base score is 8.3 out of 10.