PT-2026-38344 · Hitachi · Virtual Storage Platform One Block 24+3
Published
2026-05-07
·
Updated
2026-05-08
·
CVE-2025-9661
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hitachi Virtual Storage Platform One Block 23 versions prior to DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
Hitachi Virtual Storage Platform One Block 24 versions prior to DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
Hitachi Virtual Storage Platform One Block 26 versions prior to DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
Hitachi Virtual Storage Platform One Block 28 versions prior to DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
Description
OS command injection exists in the management GUI maintenance utility. This allows an attacker to execute arbitrary operating system commands on the affected system.
Recommendations
Update Hitachi Virtual Storage Platform One Block 23 to DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00.
Update Hitachi Virtual Storage Platform One Block 24 to DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00.
Update Hitachi Virtual Storage Platform One Block 26 to DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00.
Update Hitachi Virtual Storage Platform One Block 28 to DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Virtual Storage Platform One Block 23
Virtual Storage Platform One Block 24
Virtual Storage Platform One Block 26
Virtual Storage Platform One Block 28