CVE-2025-0824
Received Received - Intake

Firmware Update Validation Flaw in Hitachi Virtual Storage Platform One Block

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Hitachi, Ltd.

Description
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-29
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2025-0824
EUVD
EUVD-2025-210367

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hitachi virtual_storage_platform_one_block to dkcmain_a3-04-21-40/00 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-0824 is a vulnerability in Hitachi Disk Array Systems caused by improper input validation in the firmware replacement function.

It affects Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28 before the microcode versions DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00.

Impact Analysis

This vulnerability can lead to integrity and availability issues in the affected storage systems.

  • It has a CVSS v3.1 base score of 3.7, indicating a low to medium severity.
  • The attack vector is network-based with high attack complexity, requiring low privileges and user interaction.
  • Successful exploitation could result in limited integrity and availability impacts on the storage platform.
Mitigation Strategies

The permanent action required to mitigate this vulnerability is to replace the microcode with the modified versions DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00.

No interim or immediate actions are specified by Hitachi.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-0824. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart