CVE-2025-1978
Remote Code Execution in Hitachi Virtual Storage Platform
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Hitachi, Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range ((exc) = upper bound excluded) |
|---|---|---|
| hitachi | virtual_storage_platform_g130 | * |
| hitachi | virtual_storage_platform_g150 | * |
| hitachi | virtual_storage_platform_g350 | * |
| hitachi | virtual_storage_platform_g370 | * |
| hitachi | virtual_storage_platform_g700 | * |
| hitachi | virtual_storage_platform_g900 | * |
| hitachi | virtual_storage_platform_f350 | * |
| hitachi | virtual_storage_platform_f370 | * |
| hitachi | virtual_storage_platform_f700 | * |
| hitachi | virtual_storage_platform_f900 | * |
| hitachi | virtual_storage_platform_e390 | * |
| hitachi | virtual_storage_platform_e590 | * |
| hitachi | virtual_storage_platform_e790 | * |
| hitachi | virtual_storage_platform_e990 | * |
| hitachi | virtual_storage_platform_e1090 | * |
| hitachi | virtual_storage_platform_e390h | * |
| hitachi | virtual_storage_platform_e590h | * |
| hitachi | virtual_storage_platform_e790h | * |
| hitachi | virtual_storage_platform_e1090h | * |
| hitachi | virtual_storage_platform_one_block_23 | * |
| hitachi | virtual_storage_platform_one_block_24 | * |
| hitachi | virtual_storage_platform_one_block_26 | * |
| hitachi | virtual_storage_platform_one_block_28 | * |
| hitachi | dkcmain | to 88-08-16-xx/00 (exc) |
| hitachi | svp | to 88-08-18-xx/00 (exc) |
| hitachi | dkcmain | to 93-07-26-xx/00 (exc) |
| hitachi | svp | to 93-07-26-xx/00 (exc) |
| hitachi | dkcmain | to A3-04-02-xx/00 (exc) |
| hitachi | mpc | to A3-04-02-xx/00 (exc) |
| hitachi | dkcmain | to A3-03-41-xx/00 (exc) |
| hitachi | mpc | to A3-03-41-xx/00 (exc) |
| hitachi | dkcmain | to A3-03-03-xx/00 (exc) |
| hitachi | mpc | to A3-03-03-xx/00 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability, identified as CVE-2025-1978, is a remote code execution flaw found in the management software called Storage Navigator used in various Hitachi Disk Array Systems. It affects multiple models of the Hitachi Virtual Storage Platform and Hitachi Virtual Storage Platform One Block series. An attacker could exploit this vulnerability remotely to execute arbitrary code on the affected systems.
How can this vulnerability impact me?
Exploitation of this vulnerability can allow an attacker to remotely execute code on the affected storage systems without any privileges or user interaction. This can lead to unauthorized control over the system, potentially compromising the confidentiality, integrity, and availability of data stored on these platforms.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
The permanent solution to mitigate this vulnerability is to replace the microcode with a modified version for the affected software components (DKCMAIN, SVP, MPC) on the impacted Hitachi Virtual Storage Platform models.
No interim action is recommended by Hitachi.