CVE-2025-0824 | Lack of validation for firmware update in Hitachi Hitachi Vi… | CVSS 3.7 LOW

Description

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

Metadata

CVE ID: CVE-2025-0824
State: PUBLISHED
Assigner: Hitachi
Reserved: 2025-01-29 07:25 UTC
Published: 2026-06-29 05:34 UTC
Last updated: 2026-06-29 12:38 UTC
Primary CWE: CWE-347
CWE-347 Improper verification of cryptographic signature
Vendor / Product: Hitachi / Hitachi Virtual Storage Platform One Block 23, 24, 26, 28
Sources: cve.org · NVD

Severity & Metrics

3.7 LOW CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Hitachi	Hitachi Virtual Storage Platform One Block 23, 24, 26, 28	—	0 < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00

Weakness (CWE)

CWE	Source	Description
CWE-347	cna	CWE-347 Improper verification of cryptographic signature

CVSS scores (1)

Score	Severity	Version	Source	Vector
3.7	LOW	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L

References (1)

https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_308.html