Pentaho Data Integration

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-11158	Hitachi Pentaho Data Integration & Analytics	Cri	0.59	9.1	0.00		Mar 10, 2026	Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
CVE-2015-6940	Hitachi Pentaho Data Integration		0.00	—	0.00		Sep 22, 2015	The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote…

CVE-2025-11158CriMar 10, 2026
Hitachi
Pentaho Data Integration & Analytics
risk 0.59cvss 9.1epss 0.00
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
CVE-2015-6940Sep 22, 2015
Hitachi
Pentaho Data Integration
risk 0.00cvss —epss 0.00
The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote…