[Japanese]

JVNDB-2026-003910

Multiple Vulnerabilities in Cosminexus HTTP Server

Overview

Multiple vulnerabilities have been found in Cosminexus HTTP Server.

CVE-2025-49630, CVE-2025-53020

These vulnerabilities does not apply if HTTP/2 protocol is disabled.
CVSS Severity (What is CVSS?)

Affected Products


Hitachi, Ltd
  • Cosminexus HTTP Server Linux(x64) 11-50-01 - 11-50-10
  • Cosminexus HTTP Server Linux(x64) 11-20-22 - 11-20-33
  • Cosminexus HTTP Server Windows(x64) 11-50 - 11-50-10
  • Cosminexus HTTP Server Windows(x64) 11-20-23 - 11-20-35
  • uCosminexus Application Server Linux(x64) 11-30 - 11-60
  • uCosminexus Application Server Windows(x64) 11-30 - 11-60-01
  • uCosminexus Application Server-R Linux(x64) 11-30 - 11-60
  • uCosminexus Application Server-R Windows(x64) 11-30 - 11-60-01
  • uCosminexus Developer Linux(x64) 11-30 - 11-60
  • uCosminexus Developer Windows(x64) 11-30 - 11-60-01
  • uCosminexus Primary Server Base Linux(x64) 11-30 - 11-60
  • uCosminexus Primary Server Base Windows(x64) 11-30 - 11-60-01
  • uCosminexus Service Architect Linux(x64) 11-30 - 11-60
  • uCosminexus Service Architect Windows(x64) 11-30 - 11-60-01
  • uCosminexus Service Platform Linux(x64) 11-30 - 11-60
  • uCosminexus Service Platform Windows(x64) 11-30 - 11-60-01

Please refer to Vendor Information for more details.
Impact

Regarding the impact of the vulnerability, please refer to the vendor advisory.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2025-49630
  2. CVE-2025-53020
References

Revision History

  • [2026/02/17]
      Web page was published

Date Public2026/02/13
Date First Published2026/02/17
Date Last Updated2026/02/17