VYPR
Critical severity9.8OSV Advisory· Published Sep 2, 2025· Updated Apr 15, 2026

CVE-2025-5662

CVE-2025-5662

Description

A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present in the MySQL JDBC Driver version 8.0.19 and JDK version 8u112. The issue is resolved in version 3.46.0.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • H2oai/H2o 3OSV2 versions
    RELEASE-0.1.14, RELEASE-0.1.17, RELEASE-0.1.4, …+ 1 more
    • (no CPE)range: RELEASE-0.1.14, RELEASE-0.1.17, RELEASE-0.1.4, …
    • (no CPE)range: <=3.46.0.7

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.