What is CVE-2025-1978?

CVE-2025-1978 represents a high-severity remote code execution vulnerability in multiple Hitachi Virtual Storage Platform products. Organizations must act promptly to mitigate risks associated with this vulnerability.

What is the severity of CVE-2025-1978?

CVE-2025-1978 has a severity rating of HIGH with a CVSS base score of 8.3.

CVE-2025-1978 | Hitachi - Code Injection

CVE-2025-1978 is a high-severity remote code execution vulnerability that affects multiple models of the Hitachi Virtual Storage Platform, including the G130, G150, G350, G370, G700, G900, and several models in the F and E series. This vulnerability allows attackers to execute arbitrary code remotely, which poses a critical threat to data integrity and system availability.

The CVSS score for this vulnerability is 8.3, indicating a high level of risk. The attack vector is network-based, and the complexity is low, meaning that no special conditions need to be met for exploitation. With no privileges required and no user interaction necessary, the vulnerability can be exploited easily.

Risk to organizations includes potential unauthorized access to sensitive information, disruption of services, and significant data loss. Organizations should prioritize patching immediately to secure their systems against this vulnerability.

Currently, there is no known proof of concept for this vulnerability. However, the high CVSS score and the nature of the vulnerability highlight the urgency for defenders to implement mitigation strategies.

The vulnerability was published on May 7, 2026, and has been analyzed for its impact and exploitation potential. Organizations utilizing affected products must take immediate action to safeguard their systems.

It is critical for organizations to stay informed about vulnerabilities such as CVE-2025-1978 and to implement appropriate security measures to mitigate potential risks.

Vulnerability Details

The vulnerability allows for remote code execution in the maintenance console of various Hitachi Virtual Storage Platform models. The specific configurations affected include versions prior to DKCMAIN Ver. 88-08-16-xx/00 and SVP Ver. 88-08-18-xx/00, among others.

Technical Analysis

The root cause of this vulnerability lies in insufficient validation of user input in the maintenance console, allowing for arbitrary code execution. The attack vector is network-based, making it accessible to attackers without the need for local access. The attack complexity is low, which, combined with the lack of required privileges or user interaction, makes it a significant risk for organizations.

Risk & Impact Analysis

The real-world deployment risk involves the possibility of attackers exploiting this vulnerability to gain unauthorized access to critical systems. With a blast radius that could potentially impact multiple customers using the affected Hitachi products, the urgency is high. Organizations should assess their exposure and implement necessary security measures promptly.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected versions include various firmware versions for the Hitachi Virtual Storage Platform models. All versions prior to the vendor's patch are vulnerable, which includes multiple firmware versions across the G, F, and E series.

Mitigation & Remediation

Organizations should implement the latest patches provided by Hitachi to remediate this vulnerability. If a patch is unavailable, organizations are advised to implement strong network segmentation, restrict access to the maintenance console, and monitor for any unauthorized access attempts.

Detection Guidance

Monitoring logs for unusual activity in the maintenance console and network traffic anomalies can help in detecting potential exploitation attempts. Organizations should also look for any unauthorized commands executed in the system logs.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-1978 lies in the potential for widespread impact due to the nature of remote code execution vulnerabilities. Security teams should remain vigilant and proactive in applying security patches and monitoring for vulnerabilities in their environments.

Identifying patterns in vulnerabilities of this nature can inform security strategies and improve defenses against similar attacks in the future. Organizations are encouraged to develop a comprehensive vulnerability management program.

For additional insights into vulnerability management, organizations can refer to our guide on vulnerability management programs.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1978: High Vulnerability in Hitachi Virtual Storage Platform