Critical severity9.1NVD Advisory· Published May 13, 2026· Updated Jun 2, 2026
CVE-2025-11159
CVE-2025-11159
Description
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
Affected products
2cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*range: <10.2.0.7
- (no CPE)range: <10.2.0.7, <11.0.0.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.