CVE-2025-2902
HighCVSS 8.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
An improper authorization vulnerability has been discovered in the maintenance utility of Hitachi Virtual Storage Platform systems. This flaw allows unauthorized access to maintenance functions, potentially compromising data integrity and confidentiality.
Risk Assessment
The risk includes potential takeover of the storage system by an unauthorized user, which could lead to data leakage or service disruption.
Recommendation
Immediately update DKCMAIN and GUM firmware to the versions specified in the vulnerability description. Restrict access to maintenance utilities to trusted administrators only.
Original NVD description (English source)
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.

