CVE Vulnerability Details: CVE-2025-11159
PUBLISHED
Assigner: HITVAN
Assigner Org ID: dce6e192-ff49-4263-9134-f0beccb9bc13
Published At: 13 May, 2026 | 05:36
Updated At: 13 May, 2026 | 14:44
CVE Numbering Authority (CNA)
Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component

All versions of Hitachi Vantara Pentaho Data Integration & Analytics contain a JDBC driver for H2 databases that is vulnerable to external script execution when a new connection is created by a data source administrator.

Affected Products
Vendor: Hitachi Vantara LLC (Hitachi Vantara)
Product: Pentaho Data Integration and Analytics
Default Status: unaffected
Versions
Affected
  • From 1.0 before 10.2.0.7 (maven)
  • From 1.0 before 11.0 (maven)
Problem Types
Type: CWE
CWE ID: CWE-1395
Description: CWE-1395: Dependency on Vulnerable Third-Party Component
Metrics
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Impacts
CAPEC ID: CAPEC-310
Description: CAPEC-310 Scanning for Vulnerable Software
Credits
Finder: Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security
References
Hyperlink: https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159
Resource: N/A
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Details not found