CVE-2025-9661
Analyzed - Analysis Complete
OS Command Injection in Hitachi Virtual Storage Platform One Block

Publication date: 2026-05-07

Last updated on: 2026-05-08

Assigner: Hitachi, Ltd.

Description
OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Meta Information
Published: 2026-05-07
Last Modified: 2026-05-08
Generated: 2026-06-16
AI Q&A: 2026-05-07
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
hitachi virtual_storage_one_block 23
hitachi virtual_storage_one_block 24
hitachi virtual_storage_one_block 26
hitachi virtual_storage_one_block 28
CWE
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Executive Summary

CVE-2025-9661 is an OS command injection vulnerability found in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28.

This vulnerability allows an attacker to inject operating system commands through the management interface, potentially leading to unauthorized command execution on the affected system.

Impact Analysis

This vulnerability can have a high impact as it allows remote attackers to execute arbitrary OS commands without any privileges or user interaction.

The CVSS v3.1 base score of 8.1 indicates a high severity, with potential impacts including complete compromise of confidentiality, integrity, and availability of the affected storage platform.

Mitigation Strategies

The permanent action to mitigate this vulnerability is to replace the microcode with a modified version (DKCMAIN A3-04-21-40/00, ESM A3-04-21/00).

No interim action is required.

Users are advised to confirm they are referencing the latest information due to potential updates.

Compliance Impact

The provided information does not specify how the OS command injection vulnerability in Hitachi Virtual Storage Platform One Block affects compliance with common standards and regulations such as GDPR or HIPAA.
