CVE-2025-11159

Summary

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Data Integration and Analytics1.0 < 10.2.0.7affected
Hitachi VantaraPentaho Data Integration and Analytics1.0 < 11.0affected

Weaknesses

  • CWE-1395: CWE-1395: Dependency on Vulnerable Third-Party Component

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References