CVE-2025-2902: CWE-862 Missing Authorization in Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-2902) in Hitachi Virtual Storage Platform products is classified as CWE-862 (Missing Authorization). It affects the maintenance utility component across multiple platform models including E390, E590, E790, E990, E1090 series and others, as well as the 5100, 5500, 5200, 5600, and G130 through F900 series. The affected versions are those before certain DKCMAIN and GUM versions specified in the description. The flaw allows an attacker with low privileges to bypass authorization controls, potentially leading to unauthorized modification or disruption of system integrity and availability. The vulnerability has a CVSS score of 8.3, reflecting its high impact and ease of exploitation over the network without user interaction. No official remediation or patch information is provided in the source data.
Potential Impact
Successful exploitation could allow an attacker with low privileges to perform unauthorized actions on the maintenance utility, potentially compromising system integrity and availability. Confidentiality impact is limited to low. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official remediation level or patch links are provided, users should monitor Hitachi's advisories for updates. Until a fix is available, restrict access to the maintenance utility to trusted administrators only and apply strict access controls to limit exposure.
CVE-2025-2902: CWE-862 Missing Authorization in Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H
Description
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
CVSS v3.1
Score 8.3high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-2902) in Hitachi Virtual Storage Platform products is classified as CWE-862 (Missing Authorization). It affects the maintenance utility component across multiple platform models including E390, E590, E790, E990, E1090 series and others, as well as the 5100, 5500, 5200, 5600, and G130 through F900 series. The affected versions are those before certain DKCMAIN and GUM versions specified in the description. The flaw allows an attacker with low privileges to bypass authorization controls, potentially leading to unauthorized modification or disruption of system integrity and availability. The vulnerability has a CVSS score of 8.3, reflecting its high impact and ease of exploitation over the network without user interaction. No official remediation or patch information is provided in the source data.
Potential Impact
Successful exploitation could allow an attacker with low privileges to perform unauthorized actions on the maintenance utility, potentially compromising system integrity and availability. Confidentiality impact is limited to low. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official remediation level or patch links are provided, users should monitor Hitachi's advisories for updates. Until a fix is available, restrict access to the maintenance utility to trusted administrators only and apply strict access controls to limit exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Hitachi
- Date Reserved
- 2025-03-28T06:25:15.368Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a42197427e9c79719692438
Added to database: 06/29/2026, 07:06:28 UTC
Last enriched: 06/29/2026, 07:21:24 UTC
Last updated: 06/29/2026, 22:41:20 UTC
Views: 96
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.