CVE-2025-2514 - Vulnerability Details

- Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform

Description

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.

This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.

Published: 2026-05-07

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hitachi

Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900

unaffected

Version	Status	Constraints
`0`	affected	< DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
`0`	affected	< DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00
`0`	affected	< DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00
`0`	affected	< DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00
`0`	affected	< DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00

Hitachi

Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H

unaffected

Version	Status	Constraints
`0`	affected	< DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
`0`	affected	< DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00
`0`	affected	< DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00
`0`	affected	< DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00
`0`	affected	< DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00

Hitachi

Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28

unaffected

Version	Status	Constraints
`0`	affected	< DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
`0`	affected	< DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00
`0`	affected	< DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00
`0`	affected	< DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00
`0`	affected	< DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00

Configuration 1 [-]

OR	cpe:2.3:a:hitachi:virtual_storage_one_block:23:::::::*
	cpe:2.3:a:hitachi:virtual_storage_one_block:24:::::::*
	cpe:2.3:a:hitachi:virtual_storage_one_block:26:::::::*
	cpe:2.3:a:hitachi:virtual_storage_one_block:28:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:hitachi:vsp_g130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_g130:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hitachi:vsp_g150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_g150:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hitachi:vsp_g350_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_g350:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hitachi:vsp_g370_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_g370:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hitachi:vsp_g700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_g700:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hitachi:vsp_g900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_g900:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hitachi:vsp_f350_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_f350:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hitachi:vsp_f370_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_f370:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hitachi:vsp_f700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_f700:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hitachi:vsp_f900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_f900:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hitachi:vsp_e390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e390:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hitachi:vsp_e590_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e590:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hitachi:vsp_e790_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e790:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:hitachi:vsp_e990_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e990:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:hitachi:vsp_e1090_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e1090:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:hitachi:vsp_e390h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e390h:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:hitachi:vsp_e590h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e590h:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:hitachi:vsp_e790h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e790h:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:hitachi:vsp_e1090h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hitachi:vsp_e1090h:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html

History

Wed, 13 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hitachi Hitachi virtual Storage One Block Hitachi vsp E1090 Hitachi vsp E1090 Firmware Hitachi vsp E1090h Hitachi vsp E1090h Firmware Hitachi vsp E390 Hitachi vsp E390 Firmware Hitachi vsp E390h Hitachi vsp E390h Firmware Hitachi vsp E590 Hitachi vsp E590 Firmware Hitachi vsp E590h Hitachi vsp E590h Firmware Hitachi vsp E790 Hitachi vsp E790 Firmware Hitachi vsp E790h Hitachi vsp E790h Firmware Hitachi vsp E990 Hitachi vsp E990 Firmware Hitachi vsp F350 Hitachi vsp F350 Firmware Hitachi vsp F370 Hitachi vsp F370 Firmware Hitachi vsp F700 Hitachi vsp F700 Firmware Hitachi vsp F900 Hitachi vsp F900 Firmware Hitachi vsp G130 Hitachi vsp G130 Firmware Hitachi vsp G150 Hitachi vsp G150 Firmware Hitachi vsp G350 Hitachi vsp G350 Firmware Hitachi vsp G370 Hitachi vsp G370 Firmware Hitachi vsp G700 Hitachi vsp G700 Firmware Hitachi vsp G900 Hitachi vsp G900 Firmware
CPEs		cpe:2.3:a:hitachi:virtual_storage_one_block:23:::::::* cpe:2.3:a:hitachi:virtual_storage_one_block:24:::::::* cpe:2.3:a:hitachi:virtual_storage_one_block:26:::::::* cpe:2.3:a:hitachi:virtual_storage_one_block:28:::::::* cpe:2.3:h:hitachi:vsp_e1090:-:::::::* cpe:2.3:h:hitachi:vsp_e1090h:-:::::::* cpe:2.3:h:hitachi:vsp_e390:-:::::::* cpe:2.3:h:hitachi:vsp_e390h:-:::::::* cpe:2.3:h:hitachi:vsp_e590:-:::::::* cpe:2.3:h:hitachi:vsp_e590h:-:::::::* cpe:2.3:h:hitachi:vsp_e790:-:::::::* cpe:2.3:h:hitachi:vsp_e790h:-:::::::* cpe:2.3:h:hitachi:vsp_e990:-:::::::* cpe:2.3:h:hitachi:vsp_f350:-:::::::* cpe:2.3:h:hitachi:vsp_f370:-:::::::* cpe:2.3:h:hitachi:vsp_f700:-:::::::* cpe:2.3:h:hitachi:vsp_f900:-:::::::* cpe:2.3:h:hitachi:vsp_g130:-:::::::* cpe:2.3:h:hitachi:vsp_g150:-:::::::* cpe:2.3:h:hitachi:vsp_g350:-:::::::* cpe:2.3:h:hitachi:vsp_g370:-:::::::* cpe:2.3:h:hitachi:vsp_g700:-:::::::* cpe:2.3:h:hitachi:vsp_g900:-:::::::* cpe:2.3:o:hitachi:vsp_e1090_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_e1090h_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_e390_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_e390h_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_e590_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_e590h_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_e790_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_e790h_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_e990_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_f350_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_f370_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_f700_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_f900_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_g130_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_g150_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_g350_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_g370_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_g700_firmware:-:::::::* cpe:2.3:o:hitachi:vsp_g900_firmware:-:::::::*
Vendors & Products		Hitachi Hitachi virtual Storage One Block Hitachi vsp E1090 Hitachi vsp E1090 Firmware Hitachi vsp E1090h Hitachi vsp E1090h Firmware Hitachi vsp E390 Hitachi vsp E390 Firmware Hitachi vsp E390h Hitachi vsp E390h Firmware Hitachi vsp E590 Hitachi vsp E590 Firmware Hitachi vsp E590h Hitachi vsp E590h Firmware Hitachi vsp E790 Hitachi vsp E790 Firmware Hitachi vsp E790h Hitachi vsp E790h Firmware Hitachi vsp E990 Hitachi vsp E990 Firmware Hitachi vsp F350 Hitachi vsp F350 Firmware Hitachi vsp F370 Hitachi vsp F370 Firmware Hitachi vsp F700 Hitachi vsp F700 Firmware Hitachi vsp F900 Hitachi vsp F900 Firmware Hitachi vsp G130 Hitachi vsp G130 Firmware Hitachi vsp G150 Hitachi vsp G150 Firmware Hitachi vsp G350 Hitachi vsp G350 Firmware Hitachi vsp G370 Hitachi vsp G370 Firmware Hitachi vsp G700 Hitachi vsp G700 Firmware Hitachi vsp G900 Hitachi vsp G900 Firmware

Thu, 07 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 07 May 2026 08:30:00 +0000

Type	Values Removed	Values Added
Description		Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
Title		Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
Weaknesses		CWE-307
References		https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

Hitachi Virtual Storage One Block Vsp E1090 Vsp E1090 Firmware Vsp E1090h Vsp E1090h Firmware Vsp E390 Vsp E390 Firmware Vsp E390h Vsp E390h Firmware Vsp E590 Vsp E590 Firmware Vsp E590h Vsp E590h Firmware Vsp E790 Vsp E790 Firmware Vsp E790h Vsp E790h Firmware Vsp E990 Vsp E990 Firmware Vsp F350 Vsp F350 Firmware Vsp F370 Vsp F370 Firmware Vsp F700 Vsp F700 Firmware Vsp F900 Vsp F900 Firmware Vsp G130 Vsp G130 Firmware Vsp G150 Vsp G150 Firmware Vsp G350 Vsp G350 Firmware Vsp G370 Vsp G370 Firmware Vsp G700 Vsp G700 Firmware Vsp G900 Vsp G900 Firmware

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2026-05-07T07:30:28.144Z

Updated: 2026-05-07T13:41:12.214Z

Reserved: 2025-03-19T01:13:12.468Z

Link: CVE-2025-2514

Vulnrichment

Updated: 2026-05-07T13:41:09.480Z

NVD

Status : Analyzed

Published: 2026-05-07T09:16:26.183

Modified: 2026-05-13T19:14:56.647

Link: CVE-2025-2514

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T09:30:06Z

Weaknesses

CWE-307

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object