h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization_CVE-2025-10768

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10768

Source VulDB

Published Sep 21, 2025 at 09:33

Affected Product

Vendor h2oai

Product h2o-3

Version 3.46.08

Affected Versions h2oai h2o-3 3.46.08

CWE Classification

CWE-502 CWE-20

References

{
    "lastseen": "",
    "description": "A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-21T09:33:16.643Z",
    "modified": "2025-09-21T09:33:16.643Z",
    "type": "cve",
    "title": "h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325124\nhttps://vuldb.com/?ctiid.325124\nhttps://vuldb.com/?submit.649508\nhttps://github.com/ez-lbz/poc/issues/50\nhttps://github.com/ez-lbz/poc/issues/50#issue-3389830879",
    "id": "CVE-2025-10768",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "h2oai h2o-3 3.46.08",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "h2o-3",
    "version": "3.46.08",
    "vendor": "h2oai",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}