CVE-2025-5781
Received Received - Intake
Information Exposure in Hitachi Ops Center Enables Session Hijacking

Publication date: 2026-02-25

Last updated on: 2026-02-27

Assigner: Hitachi, Ltd.

Description
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-25
EPSS Evaluated
2026-06-15
NVD
CVE-2025-5781
EUVD
EUVD-2025-208107
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
hitachi configuration_manager From 8.5.1-00 (inc)
hitachi configuration_manager From 8.5.1-00 (inc) to 11.0.5-00 (exc)
hitachi device_manager From 8.4.1-00 (inc) to 8.6.5-00 (exc)
hitachi ops_center_api_configuration_manager From 10.0.0-00 (inc) to 11.0.5-00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-5781 is an information exposure vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, and Hitachi Device Manager. It allows session tokens to be stored insecurely, which can lead to session hijacking.

This means an attacker with local access and low privileges could potentially use exposed session tokens to impersonate a legitimate user without needing user interaction.

Impact Analysis

The vulnerability can impact you by allowing an attacker to hijack sessions through exposed session tokens. This can lead to unauthorized access to sensitive information and potentially compromise the confidentiality and integrity of your system.

  • Local attacker with low privileges can exploit the vulnerability.
  • No user interaction is required for exploitation.
  • The impact includes low confidentiality and integrity loss but no impact on availability.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the vulnerability CVE-2025-5781, the recommended immediate step is to upgrade affected products to version 11.0.5-00 or later.

  • Upgrade Hitachi Configuration Manager to version 11.0.5-00 or later on Windows and Linux.
  • Upgrade Hitachi Ops Center API Configuration Manager to version 11.0.5-00 or later on Windows and Linux.
  • If REST API functionality is not required, uninstall Hitachi Configuration Manager as an alternative mitigation.

No other workarounds are provided, so applying the update or uninstalling is essential.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5781. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart