CVE-2025-2514
Authentication Bypass in Hitachi Virtual Storage Platform
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Hitachi, Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hitachi | virtual_storage_platform_g130 | * |
| hitachi | virtual_storage_platform_g150 | * |
| hitachi | virtual_storage_platform_g350 | * |
| hitachi | virtual_storage_platform_g370 | * |
| hitachi | virtual_storage_platform_g700 | * |
| hitachi | virtual_storage_platform_g900 | * |
| hitachi | virtual_storage_platform_f350 | * |
| hitachi | virtual_storage_platform_f370 | * |
| hitachi | virtual_storage_platform_f700 | * |
| hitachi | virtual_storage_platform_f900 | * |
| hitachi | virtual_storage_platform_e390 | * |
| hitachi | virtual_storage_platform_e590 | * |
| hitachi | virtual_storage_platform_e790 | * |
| hitachi | virtual_storage_platform_e990 | * |
| hitachi | virtual_storage_platform_e1090 | * |
| hitachi | virtual_storage_platform_e390h | * |
| hitachi | virtual_storage_platform_e590h | * |
| hitachi | virtual_storage_platform_e790h | * |
| hitachi | virtual_storage_platform_e1090h | * |
| hitachi | virtual_storage_platform_one_block_23 | * |
| hitachi | virtual_storage_platform_one_block_24 | * |
| hitachi | virtual_storage_platform_one_block_26 | * |
| hitachi | virtual_storage_platform_one_block_28 | * |
| hitachi | virtual_storage_platform | to 88-08-16-xx/00 (exc) |
| hitachi | virtual_storage_platform | to 88-08-20/00 (exc) |
| hitachi | virtual_storage_platform | to 93-07-26-xx/00 (exc) |
| hitachi | virtual_storage_platform | to 93-07-26/00 (exc) |
| hitachi | virtual_storage_platform | to A3-04-02-xx/00 (exc) |
| hitachi | virtual_storage_platform | to A3-04-02/00 (exc) |
| hitachi | virtual_storage_platform | to A3-03-41-xx/00 (exc) |
| hitachi | virtual_storage_platform | to A3-03-41/00 (exc) |
| hitachi | virtual_storage_platform | to A3-03-03-xx/00 (exc) |
| hitachi | virtual_storage_platform | to A3-03-02/00 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-2514 is a vulnerability in multiple Hitachi Virtual Storage Platform systems where there is an improper restriction on excessive authentication attempts.
This means that the affected systems do not adequately limit the number of failed login attempts, potentially allowing an attacker to repeatedly try to authenticate without being blocked.
Such a flaw could enable unauthorized access if an attacker can guess or brute-force credentials due to the lack of proper throttling or lockout mechanisms.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to gain unauthorized access to the affected Hitachi Virtual Storage Platform systems by repeatedly attempting to authenticate without restriction.
This unauthorized access could lead to potential exposure or compromise of sensitive data stored on these platforms.
Since the vulnerability involves authentication bypass through excessive attempts, it increases the risk of security breaches and data integrity issues.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper restriction of excessive authentication attempts, which could be detected by monitoring repeated failed login attempts on affected Hitachi Virtual Storage Platform systems.
However, no specific detection commands or methods are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The permanent solution to mitigate this vulnerability is to replace the microcode with updated versions provided by Hitachi.
Currently, no interim actions or immediate mitigation steps are recommended by Hitachi.
Users are advised to verify the latest security information from Hitachi before taking any action.