h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization_CVE-2025-10769

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10769

Source VulDB

Published Sep 21, 2025 at 09:33

Affected Product

Vendor h2oai

Product h2o-3

Version 3.46.08

Affected Versions h2oai h2o-3 3.46.08

CWE Classification

CWE-502 CWE-20

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-21T09:33:19.679Z",
    "modified": "2025-09-21T09:33:19.679Z",
    "type": "cve",
    "title": "h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325125\nhttps://vuldb.com/?ctiid.325125\nhttps://vuldb.com/?submit.649728\nhttps://vuldb.com/?submit.649793\nhttps://github.com/ez-lbz/poc/issues/51\nhttps://github.com/ez-lbz/poc/issues/51#issue-3391023368\nhttps://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d",
    "id": "CVE-2025-10769",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "h2oai h2o-3 3.46.08",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "h2o-3",
    "version": "3.46.08",
    "vendor": "h2oai",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}