OS Command Injection Vulnerability in Hitachi Virtual Storage Platform
CVE-2025-9661

8.1HIGH

Key Information:

Vendor

Hitachi
Status
Hitachi Virtual Storage Platform One Block 23
Hitachi Virtual Storage Platform One Block 24
Hitachi Virtual Storage Platform One Block 26
Hitachi Virtual Storage Platform One Block 28
Vendor
CVE Published:
7 May 2026

What is CVE-2025-9661?

An OS command injection vulnerability exists in the management GUI of Hitachi Virtual Storage Platform One Block 23, 24, 26, and 28. This flaw allows an attacker to execute arbitrary operating system commands via specially crafted requests. It is crucial to apply necessary patches and updates to ensure the security of affected products, particularly for versions prior to DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00.

Affected Version(s)

Hitachi Virtual Storage Platform One Block 23 0

Hitachi Virtual Storage Platform One Block 24 0

Hitachi Virtual Storage Platform One Block 26 0

References

https://www.hitachi.com/products/it/storage-solutions/sec...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.