CVE-2025-1978

Name: CVE-2025-1978
Creator: NVD / NIST
Published: 2026-05-07T09:16:26.017+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 0.55%

Last modified Jun 17, 2026

CVE-2025-1978 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. EPSS estimates a 0.55% chance of exploitation in the next 30 days.

Description

Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.55%

41.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Hitachi	Virtual Storage One Block	23
Hitachi	Virtual Storage One Block	24
Hitachi	Virtual Storage One Block	26
Hitachi	Virtual Storage One Block	28
Hitachi	Vsp G130 Firmware	All versions
Hitachi	Vsp G150 Firmware	All versions
Hitachi	Vsp G350 Firmware	All versions
Hitachi	Vsp G370 Firmware	All versions
Hitachi	Vsp G700 Firmware	All versions
Hitachi	Vsp G900 Firmware	All versions
Hitachi	Vsp F350 Firmware	All versions
Hitachi	Vsp F370 Firmware	All versions
Hitachi	Vsp F700 Firmware	All versions
Hitachi	Vsp F900 Firmware	All versions
Hitachi	Vsp E390 Firmware	All versions
Hitachi	Vsp E590 Firmware	All versions
Hitachi	Vsp E790 Firmware	All versions
Hitachi	Vsp E990 Firmware	All versions
Hitachi	Vsp E1090 Firmware	All versions
Hitachi	Vsp E390h Firmware	All versions
Hitachi	Vsp E590h Firmware	All versions
Hitachi	Vsp E790h Firmware	All versions
Hitachi	Vsp E1090h Firmware	All versions

References

https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.htmlVendor Advisory

Timeline

Published: May 7, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-1978?

How severe is CVE-2025-1978?

CVE-2025-1978 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.55% probability of exploitation in the next 30 days.

How do I fix CVE-2025-1978?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-1978?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST