1. Home
  2. Vulnerabilities
  3. CVE-2025-2514
5.3
MEDIUM CVSS 3.1
CVE-2025-2514
Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
Overview
Description

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.

Details
INFO

Published Date :

May 7, 2026, 9:16 a.m.

Last Modified :

May 13, 2026, 7:14 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Impact
Affected Products

The following products are affected by CVE-2025-2514 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Hitachi virtual_storage_one_block
2 Hitachi vsp_g130_firmware
3 Hitachi vsp_g130
4 Hitachi vsp_g150_firmware
5 Hitachi vsp_g150
6 Hitachi vsp_g350_firmware
7 Hitachi vsp_g350
8 Hitachi vsp_g370_firmware
9 Hitachi vsp_g370
10 Hitachi vsp_g700_firmware
11 Hitachi vsp_g700
12 Hitachi vsp_g900_firmware
13 Hitachi vsp_g900
14 Hitachi vsp_f350_firmware
15 Hitachi vsp_f350
16 Hitachi vsp_f370_firmware
17 Hitachi vsp_f370
18 Hitachi vsp_f700_firmware
19 Hitachi vsp_f700
20 Hitachi vsp_f900_firmware
21 Hitachi vsp_f900
22 Hitachi vsp_e390_firmware
23 Hitachi vsp_e390
24 Hitachi vsp_e590_firmware
25 Hitachi vsp_e590
26 Hitachi vsp_e790_firmware
27 Hitachi vsp_e790
28 Hitachi vsp_e990_firmware
29 Hitachi vsp_e990
30 Hitachi vsp_e1090_firmware
31 Hitachi vsp_e1090
32 Hitachi vsp_e390h_firmware
33 Hitachi vsp_e390h
34 Hitachi vsp_e590h_firmware
35 Hitachi vsp_e590h
36 Hitachi vsp_e790h_firmware
37 Hitachi vsp_e790h
38 Hitachi vsp_e1090h_firmware
39 Hitachi vsp_e1090h
: Total Affected Vendor : 1 | Products : 39
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM 50d0f415-c707-4733-9afc-8f6c0e9b3f82
CVSS 3.1 MEDIUM [email protected]
Solution
Update the system firmware to a fixed version to address excessive authentication attempts.
  • Update DKCMAIN to version 88-08-16-xx/00 or later.
  • Update GUM to version 88-08-20/00 or later.
  • Update DKCMAIN to version 93-07-26-xx/00 or later.
  • Update GUM to version 93-07-26/00 or later.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-2514.

URL Resource
https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-2514 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-2514 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-2514 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-2514 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    May. 13, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:hitachi:virtual_storage_one_block:23:*:*:*:*:*:*:* *cpe:2.3:a:hitachi:virtual_storage_one_block:24:*:*:*:*:*:*:* *cpe:2.3:a:hitachi:virtual_storage_one_block:26:*:*:*:*:*:*:* *cpe:2.3:a:hitachi:virtual_storage_one_block:28:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_g130_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_g130:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_g150_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_g150:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_g350_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_g350:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_g370_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_g370:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_g700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_g700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_g900_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_g900:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_f350_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_f350:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_f370_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_f370:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_f700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_f700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_f900_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_f900:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e390_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e390:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e590_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e590:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e790_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e790:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e990_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e990:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e1090_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e1090:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e390h_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e390h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e590h_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e590h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e790h_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e790h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hitachi:vsp_e1090h_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hitachi:vsp_e1090h:-:*:*:*:*:*:*:*
    Added Reference Type Hitachi, Ltd.: https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html Types: Vendor Advisory
  • New CVE Received by [email protected]

    May. 07, 2026

    Action Type Old Value New Value
    Added Description Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    Added CWE CWE-307
    Added Reference https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 5.3
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact