CVE-2025-2514 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.

Published: 2026-05-07 Last update: 2026-05-13 Assigner: [email protected] Source: [email protected]

NVD Status：Analyzed，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2025-2514

EPSS CVSS CWE GHSA Affected

Conclusion & alert: CVE-2025-2514 is rated Low Risk (24.7/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.03%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-2514

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-07	—	0.03%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-2514

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.3	3.1	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	3.9	1.4	[email protected]

Weakness enumeration for CVE-2025-2514

CWE-307 MITRE ↗

GitHub Security Advisory for CVE-2025-2514

GHSA-6g2f-5j4g-w6f4 · Severity: medium — Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual...

Affected software / configurations for CVE-2025-2514

Vendor	Product	Version	Raw CPE
hitachi	virtual_storage_one_block	23	cpe:2.3:a:hitachi:virtual_storage_one_block:23:::::::*
hitachi	virtual_storage_one_block	24	cpe:2.3:a:hitachi:virtual_storage_one_block:24:::::::*
hitachi	virtual_storage_one_block	26	cpe:2.3:a:hitachi:virtual_storage_one_block:26:::::::*
hitachi	virtual_storage_one_block	28	cpe:2.3:a:hitachi:virtual_storage_one_block:28:::::::*
hitachi	vsp_g130_firmware	—	cpe:2.3:o:hitachi:vsp_g130_firmware:-:::::::*
hitachi	vsp_g150_firmware	—	cpe:2.3:o:hitachi:vsp_g150_firmware:-:::::::*
hitachi	vsp_g350_firmware	—	cpe:2.3:o:hitachi:vsp_g350_firmware:-:::::::*
hitachi	vsp_g370_firmware	—	cpe:2.3:o:hitachi:vsp_g370_firmware:-:::::::*
hitachi	vsp_g700_firmware	—	cpe:2.3:o:hitachi:vsp_g700_firmware:-:::::::*
hitachi	vsp_g900_firmware	—	cpe:2.3:o:hitachi:vsp_g900_firmware:-:::::::*
hitachi	vsp_f350_firmware	—	cpe:2.3:o:hitachi:vsp_f350_firmware:-:::::::*
hitachi	vsp_f370_firmware	—	cpe:2.3:o:hitachi:vsp_f370_firmware:-:::::::*
hitachi	vsp_f700_firmware	—	cpe:2.3:o:hitachi:vsp_f700_firmware:-:::::::*
hitachi	vsp_f900_firmware	—	cpe:2.3:o:hitachi:vsp_f900_firmware:-:::::::*
hitachi	vsp_e390_firmware	—	cpe:2.3:o:hitachi:vsp_e390_firmware:-:::::::*
hitachi	vsp_e590_firmware	—	cpe:2.3:o:hitachi:vsp_e590_firmware:-:::::::*
hitachi	vsp_e790_firmware	—	cpe:2.3:o:hitachi:vsp_e790_firmware:-:::::::*
hitachi	vsp_e990_firmware	—	cpe:2.3:o:hitachi:vsp_e990_firmware:-:::::::*
hitachi	vsp_e1090_firmware	—	cpe:2.3:o:hitachi:vsp_e1090_firmware:-:::::::*
hitachi	vsp_e390h_firmware	—	cpe:2.3:o:hitachi:vsp_e390h_firmware:-:::::::*
hitachi	vsp_e590h_firmware	—	cpe:2.3:o:hitachi:vsp_e590h_firmware:-:::::::*
hitachi	vsp_e790h_firmware	—	cpe:2.3:o:hitachi:vsp_e790h_firmware:-:::::::*
hitachi	vsp_e1090h_firmware	—	cpe:2.3:o:hitachi:vsp_e1090h_firmware:-:::::::*

References for CVE-2025-2514

URL	Tags
https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html	Vendor Advisory

cvelogic Threat Intelligence