External risk intelligence

Attacker can gain full control of Hitachi storage systems.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2025-1978

An external attacker could exploit a flaw in Hitachi Storage Navigator to gain control of critical storage systems, potentially resulting in data loss or operational disruption. This vulnerability allows unauthorized commands to be run on the hardware, creating a significant risk to business operations.

2Halo Surface Signal

Code Injection

Hitachi Virtual Storage One Block

23242628

External exposure likelihood

Halo Surface Signal score for CVE-2025-1978

This is a management console for storage arrays. Such interfaces are intended for internal administration and are not designed for public internet connectivity. Access typically requires presence on an internal management network or VPN, so direct exposure to the public internet is considered an uncommon and unintended configuration in standard, well-managed deployments.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability allows unauthorized code execution on Hitachi Virtual Storage Platform systems. It's critical to address because successful exploitation could lead to a complete compromise of your storage infrastructure.

  • Allows remote control of storage.
  • Affects critical data storage systems.
  • Requires no prior access.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by targeting the Hitachi Storage Navigator or maintenance console. Since the vulnerability requires no authentication and is network-accessible, an attacker could remotely execute code by sending a specially crafted request to the vulnerable interface. This could allow them to compromise the storage system.

  • Network access is sufficient.
  • Exploits the management console interface.
  • No user interaction needed.

Live Threat

Current exploitation, exposure, and threat context

This remote code execution vulnerability in Hitachi storage systems presents a moderate threat. While the vulnerability itself is severe, the target environment is typically isolated, limiting direct public access. Attackers would likely need to gain initial access to the internal network before exploiting this flaw.

  • Exploitation requires internal network access.
  • No public exploit code observed.
  • Recency signal: Published May 2026.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching or upgrading affected Hitachi Virtual Storage Platform systems. If immediate patching is not feasible, implement network segmentation and strict access controls for the maintenance console to prevent unauthorized access.

  • Patch to DKCMAIN Ver. 88-08-16-xx/00 or later.
  • Isolate maintenance console network.
  • Monitor for unauthorized access attempts.

Frequently asked questions

What is Hitachi Virtual Storage Platform and what is it used for?

Hitachi Virtual Storage Platform (VSP) is a line of storage systems designed for enterprise data storage needs. It encompasses various models like the VSP G series, F series, E series, and One Block, providing high-performance and reliable storage for critical business data and applications.

What is CVE-2025-1978 and what kind of weakness does it represent?

CVE-2025-1978 is a critical remote code execution vulnerability affecting Hitachi Virtual Storage Platform systems. It is categorized as CWE-94, which refers to the improper control of a program's generation or execution flow, allowing attackers to run arbitrary code.

How can an attacker exploit this Hitachi storage vulnerability?

An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable Hitachi Storage Navigator or maintenance console. The vulnerability does not require any prior authentication or user interaction, making it accessible over the network.

Who should be concerned about CVE-2025-1978?

Organizations using Hitachi Virtual Storage Platform systems should be concerned. Although the Halo Surface Signal indicates this is an unlikely exposure because it's typically an internal management console, any internet-facing or improperly secured internal access could be at risk.

What are the first steps to address this vulnerability on Hitachi VSP?

The primary step is to apply the necessary patches or upgrades for your Hitachi Virtual Storage Platform systems. If immediate patching is not possible, implement strict network segmentation and access controls for the maintenance console to limit potential unauthorized access.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified