Critical severity9.1NVD Advisory· Published Mar 10, 2026· Updated May 6, 2026
CVE-2025-11158
CVE-2025-11158
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*range: <10.2.0.6
- (no CPE)range: < 10.2.0.6
- (no CPE)range: 1.0
- Range: < 10.2.0.6
- Range: < 10.2.0.6
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.