CVE-2025-9661
CRITICAL WAF: High
CVSS 9.8
Published: 2026-05-07
CWE-78
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hitachi | virtual_storage_one_block | 23 |
| hitachi | virtual_storage_one_block | 24 |
| hitachi | virtual_storage_one_block | 26 |
| hitachi | virtual_storage_one_block | 28 |
References
- www.hitachi.com (Vendor Advisory)