CVE-2025-5781
Received Received - Intake

Information Exposure in Hitachi Ops Center Enables Session Hijacking

Vulnerability report for CVE-2025-5781, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-25

Last updated on: 2026-02-27

Assigner: Hitachi, Ltd.

Description

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-25
Last Modified
2026-02-27
Generated
2026-07-06
AI Q&A
2026-02-25
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
hitachi configuration_manager From 8.5.1-00 (inc)
hitachi configuration_manager From 8.5.1-00 (inc) to 11.0.5-00 (exc)
hitachi device_manager From 8.4.1-00 (inc) to 8.6.5-00 (exc)
hitachi ops_center_api_configuration_manager From 10.0.0-00 (inc) to 11.0.5-00 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-5781 is an information exposure vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, and Hitachi Device Manager. It allows session tokens to be stored insecurely, which can lead to session hijacking.

This means an attacker with local access and low privileges could potentially use exposed session tokens to impersonate a legitimate user without needing user interaction.

Impact Analysis

The vulnerability can impact you by allowing an attacker to hijack sessions through exposed session tokens. This can lead to unauthorized access to sensitive information and potentially compromise the confidentiality and integrity of your system.

  • Local attacker with low privileges can exploit the vulnerability.
  • No user interaction is required for exploitation.
  • The impact includes low confidentiality and integrity loss but no impact on availability.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the vulnerability CVE-2025-5781, the recommended immediate step is to upgrade affected products to version 11.0.5-00 or later.

  • Upgrade Hitachi Configuration Manager to version 11.0.5-00 or later on Windows and Linux.
  • Upgrade Hitachi Ops Center API Configuration Manager to version 11.0.5-00 or later on Windows and Linux.
  • If REST API functionality is not required, uninstall Hitachi Configuration Manager as an alternative mitigation.

No other workarounds are provided, so applying the update or uninstalling is essential.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5781. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart