VYPR
Critical severity9.1NVD Advisory· Published May 13, 2026· Updated Jun 2, 2026

CVE-2025-11159

CVE-2025-11159

Description

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.

Affected products

2
  • cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:*:*:*:*:*:*:*:*range: <10.2.0.7
    • (no CPE)range: <10.2.0.7, <11.0.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.