CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11159

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.4%

CVSS Severity

CVSS v3 Score 9.1

References

https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159

Products affected by CVE-2025-11159

Hitachi » Vantara Pentaho Data Integration And Analytics » Version: N/A

cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:-
Hitachi » Vantara Pentaho Data Integration And Analytics » Version: 1.0

cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:1.0
Hitachi » Vantara Pentaho Data Integration And Analytics » Version: 10.1.0.0

cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:10.1.0.0
Hitachi » Vantara Pentaho Data Integration And Analytics » Version: 9.3.0.6

cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:9.3.0.6
Hitachi » Vantara Pentaho Data Integration And Analytics » Version: 9.4.0.0

cpe:2.3:a:hitachi:vantara_pentaho_data_integration_and_analytics:9.4.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11159

Products

Pricing

Contact Us