CVE-2025-1978
Awaiting Analysis Awaiting Analysis - Queue
Remote Code Execution in Hitachi Virtual Storage Platform

Publication date: 2026-05-07

Last updated on: 2026-05-07

Assigner: Hitachi, Ltd.

Description
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,Β Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28Β  : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-07
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-1978
EUVD
EUVD-2025-209709
Affected Vendors & Products
Showing 33 associated CPEs
Vendor Product Version / Range
hitachi virtual_storage_platform_g130 *
hitachi virtual_storage_platform_g150 *
hitachi virtual_storage_platform_g350 *
hitachi virtual_storage_platform_g370 *
hitachi virtual_storage_platform_g700 *
hitachi virtual_storage_platform_g900 *
hitachi virtual_storage_platform_f350 *
hitachi virtual_storage_platform_f370 *
hitachi virtual_storage_platform_f700 *
hitachi virtual_storage_platform_f900 *
hitachi virtual_storage_platform_e390 *
hitachi virtual_storage_platform_e590 *
hitachi virtual_storage_platform_e790 *
hitachi virtual_storage_platform_e990 *
hitachi virtual_storage_platform_e1090 *
hitachi virtual_storage_platform_e390h *
hitachi virtual_storage_platform_e590h *
hitachi virtual_storage_platform_e790h *
hitachi virtual_storage_platform_e1090h *
hitachi virtual_storage_platform_one_block_23 *
hitachi virtual_storage_platform_one_block_24 *
hitachi virtual_storage_platform_one_block_26 *
hitachi virtual_storage_platform_one_block_28 *
hitachi dkcmain to 88-08-16-xx/00 (exc)
hitachi svp to 88-08-18-xx/00 (exc)
hitachi dkcmain to 93-07-26-xx/00 (exc)
hitachi svp to 93-07-26-xx/00 (exc)
hitachi dkcmain to A3-04-02-xx/00 (exc)
hitachi mpc to A3-04-02-xx/00 (exc)
hitachi dkcmain to A3-03-41-xx/00 (exc)
hitachi mpc to A3-03-41-xx/00 (exc)
hitachi dkcmain to A3-03-03-xx/00 (exc)
hitachi mpc to A3-03-03-xx/00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2025-1978, is a remote code execution flaw found in the management software called Storage Navigator used in various Hitachi Disk Array Systems. It affects multiple models of the Hitachi Virtual Storage Platform and Hitachi Virtual Storage Platform One Block series. An attacker could exploit this vulnerability remotely to execute arbitrary code on the affected systems.

Impact Analysis

Exploitation of this vulnerability can allow an attacker to remotely execute code on the affected storage systems without any privileges or user interaction. This can lead to unauthorized control over the system, potentially compromising the confidentiality, integrity, and availability of data stored on these platforms.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

The permanent solution to mitigate this vulnerability is to replace the microcode with a modified version for the affected software components (DKCMAIN, SVP, MPC) on the impacted Hitachi Virtual Storage Platform models.

No interim action is recommended by Hitachi.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-1978. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart