Hitachi Vantara Pentaho Data Integration & Analytics

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.

Basic Information

ID CVE-2025-11159

Source HITVAN

Published May 13, 2026 at 05:36

Affected Product

Vendor Hitachi Vantara

Product Pentaho Data Integration and Analytics

Version 1.0

Affected Versions Hitachi Vantara Pentaho Data Integration and Analytics 1.0
Hitachi Vantara Pentaho Data Integration and Analytics 1.0

CWE Classification

CWE-1395

References

support.pentaho.com /hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159

{
    "lastseen": "",
    "description": "Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator.",
    "published": "2026-05-13T05:36:43.720Z",
    "modified": "2026-05-13T05:36:43.720Z",
    "type": "cve",
    "title": "Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party  Component",
    "source": "HITVAN",
    "references": "https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159",
    "id": "CVE-2025-11159",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1395"
    ],
    "cvelist": null,
    "sourceData": "Hitachi Vantara Pentaho Data Integration and Analytics 1.0\nHitachi Vantara Pentaho Data Integration and Analytics 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pentaho Data Integration and Analytics",
    "version": "1.0",
    "vendor": "Hitachi Vantara",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Hitachi Vantara Pentaho Data Integration & Analytics – Dependency on Vulnerable Third-Party Component_CVE-2025-11159