Executive Summary
A medium-severity vulnerability, CVE-2025-7386, was discovered in Hitachi Storage Navigator, affecting multiple Hitachi Virtual Storage Platform models. This information exposure vulnerability has a CVSS score of 6.8 and requires high privileges to exploit. To mitigate this vulnerability, administrators should update their systems to the specified versions.
Technical Analysis
CVE-2025-7386 is an information exposure vulnerability in Hitachi Storage Navigator. The vulnerability class is related to insufficient access control or input validation, leading to sensitive information disclosure. The attack vector is network-based, requiring high privileges to exploit.
How It Gets Exploited
An attacker with high privileges on the network can exploit this vulnerability. The exploitation scenario involves the attacker sending a crafted request to the Hitachi Storage Navigator. The specific action triggers the vulnerability, potentially leading to sensitive information disclosure. The attacker gains access to sensitive information, which can be used for further exploitation or malicious purposes.
Impact Assessment
The affected products include Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8, G1000, G1500, F1500, and VX7. The vulnerability has a CVSS score of 6.8, indicating a medium severity level. The impact is primarily on confidentiality, with no impact on integrity or availability.
Recommended Actions
To mitigate this vulnerability, administrators should update their Hitachi Virtual Storage Platform systems to the specified versions:
- For Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: Update to DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00 or later.
- For Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: Update to DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00 or later.
Sources
- National Vulnerability Database (NVD)
- Hitachi Security Information