CVE-2025-2902 - Vulnerability Details

Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.

This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00195.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hitachi

Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H

unaffected

Version	Status	Constraints
`0`	affected	< DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00

Hitachi

Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H

unaffected

Version	Status	Constraints
`0`	affected	< DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00

Hitachi

Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900

unaffected

Version	Status	Constraints
`0`	affected	< DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Hitachi Subscribe	5100 Subscribe 5100h Subscribe 5200 Subscribe 5200h Subscribe 5500 Subscribe 5500h Subscribe 5600 Subscribe 5600h Subscribe E1090 Subscribe E1090h Subscribe E390 Subscribe E390h Subscribe E590 Subscribe E590h Subscribe E790 Subscribe E790h Subscribe E990 Subscribe F350 Subscribe F370 Subscribe F700 Subscribe F900 Subscribe G130 Subscribe G150 Subscribe G350 Subscribe G370 Subscribe G700 Subscribe G900 Subscribe

Project Subscriptions

Vendors	Products
Hitachi Subscribe	5100 Subscribe 5100h Subscribe 5200 Subscribe 5200h Subscribe 5500 Subscribe 5500h Subscribe 5600 Subscribe 5600h Subscribe E1090 Subscribe E1090h Subscribe E390 Subscribe E390h Subscribe E590 Subscribe E590h Subscribe E790 Subscribe E790h Subscribe E990 Subscribe F350 Subscribe F370 Subscribe F700 Subscribe F900 Subscribe G130 Subscribe G150 Subscribe G350 Subscribe G370 Subscribe G700 Subscribe G900 Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_305.html

History

Mon, 29 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 29 Jun 2026 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hitachi Hitachi 5100 Hitachi 5100h Hitachi 5200 Hitachi 5200h Hitachi 5500 Hitachi 5500h Hitachi 5600 Hitachi 5600h Hitachi e1090 Hitachi e1090h Hitachi e390 Hitachi e390h Hitachi e590 Hitachi e590h Hitachi e790 Hitachi e790h Hitachi e990 Hitachi f350 Hitachi f370 Hitachi f700 Hitachi f900 Hitachi g130 Hitachi g150 Hitachi g350 Hitachi g370 Hitachi g700 Hitachi g900
Vendors & Products		Hitachi Hitachi 5100 Hitachi 5100h Hitachi 5200 Hitachi 5200h Hitachi 5500 Hitachi 5500h Hitachi 5600 Hitachi 5600h Hitachi e1090 Hitachi e1090h Hitachi e390 Hitachi e390h Hitachi e590 Hitachi e590h Hitachi e790 Hitachi e790h Hitachi e990 Hitachi f350 Hitachi f370 Hitachi f700 Hitachi f900 Hitachi g130 Hitachi g150 Hitachi g350 Hitachi g370 Hitachi g700 Hitachi g900

Mon, 29 Jun 2026 07:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
Title		Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform
Weaknesses		CWE-862
References		https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_305.html
Metrics		cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2026-06-29T05:52:39.570Z

Updated: 2026-06-29T12:40:09.069Z

Reserved: 2025-03-28T06:25:15.368Z

Link: CVE-2025-2902

Vulnrichment

Updated: 2026-06-29T12:40:03.611Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T11:00:05Z

Weaknesses

CWE-862

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object