CVE-2025-1978

import requests # This is a conceptual PoC template for CVE-2025-1978 # Actual exploitation requires specific endpoint and payload details def exploit(target_ip, target_port): url = f"http://{target_ip}:{target_port}/vulnerable_endpoint" headers = { "User-Agent": "Mozilla/5.0", "Content-Type": "application/json" } # Malicious payload intended to trigger RCE payload = { "command": "inject_payload_here", "arg": "$(reverseshell_command)" } try: print(f"[*] Sending payload to {target_ip}...") response = requests.post(url, json=payload, headers=headers, timeout=5) if response.status_code == 200: print("[+] Payload sent successfully. Check for callback.") else: print(f"[-] Server returned status code: {response.status_code}") except Exception as e: print(f"[!] Error: {e}") if __name__ == "__main__": target = "192.168.1.100" exploit(target, 8080)

{"cve": {"id": "CVE-2025-1978", "sourceIdentifier": "[email protected]", "published": "2026-05-07T09:16:26.017", "lastModified": "2026-05-13T19:15:52.813", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hitachi:virtual_storage_one_block:23:*:*:*:*:*:*:*", "matchCriteriaId": "46788D83-153E-42CF-ACA5-09506AA45D54"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hitachi:virtual_storage_one_block:24:*:*:*:*:*:*:*", "matchCriteriaId": "EC7E00FD-2148-457B-B91A-FDB575DF8DF7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hitachi:virtual_storage_one_block:26:*:*:*:*:*:*:*", "matchCriteriaId": "04B799D3-FCF2-4832-8E5D-65D5BE53F47D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hitachi:virtual_storage_one_block:28:*:*:*:*:*:*:*", "matchCriteriaId": "CC55432F-8451-4859-A01A-946C26A793C6"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:hitachi:vsp_g130_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5B2BAC8-57F6-46ED-94DA-8736AD883AA0"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:hitachi:vsp_g130:-:*:*:*:*:*:*:*", "matchCriteriaId": "13116ECB-AFB9-4B48-B17E-188D6DA59E9F"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:hitachi:vsp_g150_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1885D369-A410-4713-8C6C-995983A41BFD"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:hitachi:vsp_g150:-:*:*:*:*:*:*:*", "matchCriteriaId": "77D64FA2-123C-4FBB-B75A-34A927386B37"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:hitachi:vsp_g350_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A731027-8E2B-40BA-B9C4-4947C142E21E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:hitachi:vsp_g350:-:*:*:*:*:*:*:*", "matchCriteriaId": "E10C0C39-452D-4B45-BA08-AFA8A3C4865E"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:hitachi:vsp_g370_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "11C63C8F-CD8D-4160-A235-956E555BF76A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:hitachi:vsp_g370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9365C651-1AFD-421A-94A4-F2E5C9E4CBE8"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:hitachi:vsp_g700_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "088FA23C-DA5D-4D18-B2B6-C08A69EBF5D4"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe ... (truncated)