CVE-2025-5781 – This vulnerability allows session hijacking thr... (How to Fix)

Q: How do I fix CVE-2025-5781?

1. Download appropriate patch from Hitachi support portal. 2. Backup current configuration. 3. Apply patch following vendor instructions. 4. Restart affected services. 5. Verify functionality.

Q: What is the severity of CVE-2025-5781?

CVE-2025-5781 has a CVSS score of 5.2 (MEDIUM). This vulnerability allows session hijacking through information exposure in Hitachi management software. Attackers can intercept or access session data to impersonate legitimate users. It affects Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, and Hitachi Device Manager.

📋 TL;DR

This vulnerability allows session hijacking through information exposure in Hitachi management software. Attackers can intercept or access session data to impersonate legitimate users. It affects Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, and Hitachi Device Manager.

💻 Affected Systems

Products:

Hitachi Ops Center API Configuration Manager
Hitachi Configuration Manager
Hitachi Device Manager

Versions: Ops Center API Config Manager: 10.0.0-00 to <11.0.5-00; Config Manager: 8.5.1-00 to <11.0.5-00; Device Manager: 8.4.1-00 to <8.6.5-00

Operating Systems: Not specified - likely multiple

Default Config Vulnerable: ⚠️ Yes

Notes: All installations within affected version ranges are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full administrative account compromise leading to complete system takeover, data theft, and lateral movement across managed infrastructure.

🟠

Likely Case

Unauthorized access to management functions, configuration changes, and potential data exposure from managed systems.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, though session integrity remains compromised.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can easily intercept sessions and gain unauthorized access.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Session hijacking typically requires some level of network access to intercept traffic, but the vulnerability itself is straightforward to exploit once session data is exposed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Ops Center API Config Manager: 11.0.5-00; Config Manager: 11.0.5-00; Device Manager: 8.6.5-00

Vendor Advisory: https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-111/index.html

Restart Required: Yes

Instructions:

1. Download appropriate patch from Hitachi support portal. 2. Backup current configuration. 3. Apply patch following vendor instructions. 4. Restart affected services. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate management interfaces to trusted networks only

Session Encryption Enforcement

all

Ensure all API and management traffic uses TLS 1.2+ with strong ciphers

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach management interfaces
Enable comprehensive logging and monitoring for suspicious session activity

🔍 How to Verify

Check if Vulnerable:

Check current version against affected ranges in product administration interface or via version query commands

Check Version:

Product-specific commands vary; consult Hitachi documentation for version query methods

Verify Fix Applied:

Confirm version is at or above patched versions: Ops Center API Config Manager ≥11.0.5-00, Config Manager ≥11.0.5-00, Device Manager ≥8.6.5-00

📡 Detection & Monitoring

Log Indicators:

Multiple sessions from same user from different IPs
Session creation without proper authentication
Unusual API access patterns

Network Indicators:

Unencrypted session traffic to management ports
Session token reuse across different sources

SIEM Query:

source_ip!=user_usual_ip AND destination_port IN (management_ports) AND action="session_create"

📊 Metadata

CVE ID: CVE-2025-5781

CVSS v3 Score: 5.2 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-532

Published: February 25, 2026

Last Updated: February 27, 2026

🔗 References

https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-111/index.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5781, you might also want to check these: