External risk intelligence

Hitachi storage systems allow attackers to take control of company data.

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2025-9661

A critical flaw in Hitachi Virtual Storage Platform One Block allows unauthorized users to run commands, potentially giving attackers full control over your company's sensitive data.

Halo Surface Signal: 1

OS Command Injection

Hitachi Virtual Storage Platform One Block

Affected versions: 23, 24, 26, 28

External exposure likelihood

Halo Surface Signal score for CVE-2025-9661

The vulnerability affects a storage appliance management utility. These interfaces are infrastructure components typically restricted to internal, private, or segmented management networks and are not designed or intended to be exposed to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

An operating system command injection vulnerability exists in the management interface of Hitachi Virtual Storage Platform One Block. This means an attacker could potentially run arbitrary commands on the affected system, which could lead to complete compromise.

  • Allows full control of the system.
  • Impacts critical storage infrastructure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability to execute arbitrary commands on the affected Hitachi Virtual Storage Platform One Block systems. This is possible because the management GUI's maintenance utility does not properly sanitize user input, allowing malicious commands to be injected and run with elevated privileges. This could lead to complete system compromise and data theft.

  • Network access is required, but no authentication.
  • Exploitation targets the management GUI.
  • A specific, vulnerable version is needed.

Live Threat

Current exploitation, exposure, and threat context

This OS command injection vulnerability in Hitachi's Virtual Storage Platform One Block management GUI could be attractive to attackers due to its critical severity and lack of authentication requirement for exploitation. However, the primary deterrent is likely that the affected component is an infrastructure management utility for storage appliances, which are typically not directly exposed to the public internet.

  • Exploitation requires network access.
  • No public exploit details are currently available.
  • Affected systems are internal infrastructure.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching or updating Hitachi Virtual Storage Platform One Block systems to mitigate the critical OS command injection vulnerability. If immediate patching is not feasible, isolate affected systems from untrusted networks to prevent exploitation.

  • Update DKCMAIN to A3-04-21-40/00 or later.
  • Update ESM to A3-04-21/00 or later.
  • Monitor network traffic for suspicious commands.
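
The two version floors above can be applied to a firmware inventory, shown here as an added example that is not Hitachi's or this page's own tooling. It assumes version fields compare as integers from left to right and that only strings with the same prefix and shape are comparable; the host names and inventory rows are constructed.

```python
import re

# Fixed versions as stated in the advisory.
FIXED = {"DKCMAIN": "A3-04-21-40/00", "ESM": "A3-04-21/00"}

_VERSION = re.compile(r"^([A-Z0-9]+)((?:-\d+)+)/(\d+)$")


def parse_version(text):
    """Split 'A3-04-21-40/00' into ('A3', (4, 21, 40, 0))."""
    match = _VERSION.match(text.strip().upper())
    if not match:
        raise ValueError(f"unrecognized version string: {text!r}")
    family, body, revision = match.groups()
    fields = [int(part) for part in body.lstrip("-").split("-")]
    return family, tuple(fields) + (int(revision),)


def classify(component, installed):
    """Return 'fixed', 'vulnerable', or 'review' for one component version."""
    try:
        family, fields = parse_version(installed)
        fixed_family, fixed_fields = parse_version(FIXED[component])
    except (KeyError, ValueError):
        return "review"  # unknown component or unparseable string: fail closed
    # Assumption: only same-prefix, same-shape versions are comparable.
    if family != fixed_family or len(fields) != len(fixed_fields):
        return "review"
    return "fixed" if fields >= fixed_fields else "vulnerable"


def triage(inventory):
    """Return the (host, component, version, status) rows that need action."""
    return [(host, comp, ver, status)
            for host, comp, ver in inventory
            if (status := classify(comp, ver)) != "fixed"]


# Constructed sample inventory, not real systems.
INVENTORY = [
    ("vsp-a", "DKCMAIN", "A3-04-21-40/00"),
    ("vsp-a", "ESM", "A3-04-21/00"),
    ("vsp-b", "DKCMAIN", "A3-04-20-40/00"),
    ("vsp-b", "ESM", "A3-04-22/01"),
    ("vsp-c", "DKCMAIN", "A3-04-21-39/05"),
    ("vsp-d", "ESM", "unknown"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row)
```

Rows marked `review` are the ones the comparison cannot decide, so they should be checked by hand rather than treated as patched.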

Frequently asked questions

What is Hitachi Virtual Storage Platform One Block?

Hitachi Virtual Storage Platform One Block is a storage system used by businesses to manage and store large amounts of data. The affected versions are 23, 24, 26, and 28.

What is CVE-2025-9661?

CVE-2025-9661 describes an OS command injection vulnerability. This weakness allows an attacker to trick the software into running unintended operating system commands, potentially giving them control over the system.

How might an attacker exploit this vulnerability?

An attacker could exploit this by sending specially crafted input to the management interface's maintenance utility. This could trick the system into executing commands that the attacker chooses. The vulnerability is not triggered on systems that have already been updated to the correct versions.

Who should be concerned about CVE-2025-9661?

Organizations using Hitachi Virtual Storage Platform One Block versions 23, 24, 26, or 28 should be concerned. The Halo Surface Signal indicates that this is very unlikely to be exposed to the internet, because it is typically an internal system, but any exposure or potential for internal access makes it relevant.

What are the first steps for managing this threat?

The immediate first step is to update the Hitachi Virtual Storage Platform One Block system. Specifically, update DKCMAIN to version A3-04-21-40/00 or later, and ESM to version A3-04-21/00 or later. If immediate patching is impossible, isolate the affected systems from networks that are not fully trusted.
