CVE-2025-5781 is classified under CWE-532, which involves the insertion of sensitive information into log files, leading to information exposure. This vulnerability affects multiple Hitachi management products, including Hitachi Ops Center API Configuration Manager (versions 10.0.0-00 up to but not including 11.0.5-00), Hitachi Configuration Manager (8.5.1-00 to before 11.0.5-00), and Hitachi Device Manager (8.4.1-00 to before 8.6.5-00). The core issue is that sensitive session-related data is improperly logged, which can be accessed by unauthorized users with local privileges. This exposure can enable session hijacking attacks, where an attacker leverages leaked session tokens or credentials to impersonate legitimate users, potentially gaining unauthorized access to management functions. The vulnerability requires low privileges (local access) but no user interaction, and the attack vector is local (AV:L). The scope is changed (S:C) because the vulnerability can affect multiple components or users. The CVSS 3.1 base score is 5.2, reflecting medium severity due to limited impact on availability but moderate impact on confidentiality and integrity. No public exploits have been reported yet, and no patches are currently linked, indicating that remediation may be pending or in progress. The vulnerability highlights the importance of secure logging practices, especially in critical infrastructure management tools.

The vulnerability poses a moderate risk to organizations using affected Hitachi management products, particularly those managing storage and infrastructure environments. Exposure of sensitive session information in logs can lead to session hijacking, allowing attackers to gain unauthorized access to management consoles. This can result in unauthorized configuration changes, data exposure, or further lateral movement within the network. While availability is not directly impacted, the compromise of confidentiality and integrity of management sessions can undermine the security posture of critical infrastructure. Organizations with large deployments of Hitachi storage and device management solutions are at higher risk, especially if local access controls are weak or if logs are accessible to unauthorized personnel. The lack of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once details become widely known.

Organizations should implement strict access controls to limit local access to systems running affected Hitachi management products. Restrict permissions on log files to prevent unauthorized reading of sensitive information. Monitor logs for unusual access patterns or attempts to access sensitive session data. Employ network segmentation to isolate management interfaces and reduce exposure. Regularly audit and review logging configurations to ensure sensitive data is not recorded. Stay informed about Hitachi's security advisories and apply patches or updates promptly once available. Consider using additional security controls such as multi-factor authentication for management access to reduce the impact of potential session hijacking. If patching is delayed, consider disabling or limiting logging of session-related information where feasible without impacting operational needs.