CVE-2025-5781
Information Exposure in Hitachi Ops Center Enables Session Hijacking
Publication date: 2026-02-25
Last updated on: 2026-02-27
Assigner: Hitachi, Ltd.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hitachi | configuration_manager | From 8.5.1-00 (inc) |
| hitachi | configuration_manager | From 8.5.1-00 (inc) to 11.0.5-00 (exc) |
| hitachi | device_manager | From 8.4.1-00 (inc) to 8.6.5-00 (exc) |
| hitachi | ops_center_api_configuration_manager | From 10.0.0-00 (inc) to 11.0.5-00 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker to hijack sessions through exposed session tokens. This can lead to unauthorized access to sensitive information and potentially compromise the confidentiality and integrity of your system.
- A local attacker with low privileges can exploit the vulnerability.
- No user interaction is required for exploitation.
- The impact includes low confidentiality and integrity loss but no impact on availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2025-5781, the recommended immediate step is to upgrade affected products to version 11.0.5-00 or later.
- Upgrade Hitachi Configuration Manager to version 11.0.5-00 or later on Windows and Linux.
- Upgrade Hitachi Ops Center API Configuration Manager to version 11.0.5-00 or later on Windows and Linux.
- If REST API functionality is not required, uninstall Hitachi Configuration Manager as an alternative mitigation.
No other workarounds are provided, so applying the update or uninstalling is essential.
Can you explain this vulnerability to me?
CVE-2025-5781 is an information exposure vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, and Hitachi Device Manager. It allows session tokens to be stored insecurely, which can lead to session hijacking.
This means an attacker with local access and low privileges could potentially use exposed session tokens to impersonate a legitimate user without needing user interaction.