CVE-2025-2514
CVE-2025-2514 is a medium-severity vulnerability in Hitachi Virtual Storage One Block with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-307.
Key facts
- Severity: Medium (CVSS 3.x base score 5.3)
- EPSS exploit prediction: 0% (22nd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-209711
- Weakness: CWE-307
- Affected product: Hitachi Virtual Storage One Block
- Published:
- Last modified:
Description
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
Frequently asked questions
- What is CVE-2025-2514?
- Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
- How severe is CVE-2025-2514?
- CVE-2025-2514 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2025-2514 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (22nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-2514?
- CVE-2025-2514 primarily affects Hitachi Virtual Storage One Block. In total, 23 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2025-2514?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-2514 have an EU (EUVD) identifier?
- Yes. CVE-2025-2514 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-209711.
- When was CVE-2025-2514 published?
- CVE-2025-2514 was published on 2026-05-07 and last updated on 2026-06-17.
References
Affected products (23)
- cpe:2.3:o:hitachi:vsp_e1090h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_e790h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_e590h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_e390h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_e1090_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_e990_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_e790_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_e590_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_e390_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_f900_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_f700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_f370_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_f350_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_g900_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_g700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_g370_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_g350_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_g150_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hitachi:vsp_g130_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:virtual_storage_one_block:23:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:virtual_storage_one_block:24:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:virtual_storage_one_block:26:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:virtual_storage_one_block:28:*:*:*:*:*:*:*
More vulnerabilities in Hitachi Virtual Storage One Block
- CVE-2025-1978 — High (CVSS 8.3): Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage…
- CVE-2025-9661 — High (CVSS 8.1): OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One…
All CVEs affecting Hitachi Virtual Storage One Block →
Other CWE-307 (Improper Restriction of Excessive Authentication Attempts) vulnerabilities
- CVE-2026-6853 — Critical (CVSS 9.8): Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses…
- CVE-2026-8760 — Critical (CVSS 9.8): The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including,…
- CVE-2020-37228 — Critical (CVSS 9.8): iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass…
- CVE-2026-33879 — Critical (CVSS 9.8): Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and…
- CVE-2026-33640 — Critical (CVSS 9.8): Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users…
- CVE-2026-31851 — Critical (CVSS 9.8): Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout…
Browse all CWE-307 (Improper Restriction of Excessive Authentication Attempts) vulnerabilities →