CVE-2025-1978: Hitachi Storage RCE Vulnerability Exposes Enterprise Data

/HIGH /CVSS 8.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severityremote-code-executioncwe-94
CVE-2025-1978: Hitachi Storage RCE Vulnerability Exposes Enterprise Data

The National Vulnerability Database has disclosed CVE-2025-1978, a critical remote code execution vulnerability affecting numerous Hitachi Virtual Storage Platform (VSP) models. This flaw resides in the storage system’s management interface and maintenance console, presenting a direct pathway for attackers to compromise sensitive enterprise data. The CVSS score of 8.3 highlights the severity, indicating a high risk of exploitation.

This vulnerability impacts a wide range of Hitachi VSP G, F, E, and One Block series storage systems. Exploitation requires no privileges and no user interaction, making it an attractive target for threat actors. Attackers can leverage this flaw to execute arbitrary code, potentially leading to data exfiltration, system manipulation, or complete denial of service. Defenders must prioritize patching these systems to mitigate this significant risk.

Given the nature of storage systems, a successful exploit here could be catastrophic. Organizations running affected Hitachi VSP models need to urgently review their firmware versions against the disclosed patch indicators. Proactive patching and hardening of the storage management network are essential steps to prevent potential breaches.

What This Means For You

  • If your organization utilizes Hitachi Virtual Storage Platform G, F, E, or One Block series, immediately verify your DKCMAIN and SVP firmware versions against the patch levels specified in CVE-2025-1978. Prioritize updating systems that fall below the secure version thresholds to prevent potential remote code execution.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1207 Rogue Domain Controller Initial Access T1059.001 PowerShell Execution

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2025-1978: Hitachi Storage Navigator RCE via Crafted Request

Sigma YAML — free preview 
title: CVE-2025-1978: Hitachi Storage Navigator RCE via Crafted Request
id: scw-2026-05-07-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to exploit CVE-2025-1978 by looking for requests targeting the Hitachi Storage Navigator servlet with a specific query pattern indicative of command injection attempts. The vulnerability allows for Remote Code Execution (RCE) when unauthenticated users can send specially crafted requests.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2025-1978/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/servlet/StorageNavigator'
      cs-uri-query|contains:
          - 'cmd=get&param=' 
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2025-1978 RCE Hitachi Storage Navigator
CVE-2025-1978 RCE Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
CVE-2025-1978 RCE Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00
CVE-2025-1978 RCE Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00
CVE-2025-1978 RCE maintenance console in Hitachi Virtual Storage Platform

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 07, 2026 at 12:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-44407 — Denial of Service

CVE-2026-44407 — A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service....

vulnerabilityCVEmedium-severitydenial-of-servicecwe-134
/SCW Vulnerability Desk /MEDIUM /4.7 /⚑ 2 IOCs /⚙ 1 Sigma

CVE-2026-27421 — WProyal Royal Elementor Addons Cross-Site Scripting (XSS)

CVE-2026-27421 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal...

vulnerabilityCVEmedium-severitycross-site-scripting-xsscwe-79
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-27416 — BPlugins PDF Poster Vulnerability

CVE-2026-27416 — Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through...

vulnerabilityCVEmedium-severitycwe-862
/SCW Vulnerability Desk /MEDIUM /5.3 /⚑ 2 IOCs /⚙ 2 Sigma