{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-11159","assignerOrgId":"dce6e192-ff49-4263-9134-f0beccb9bc13","state":"PUBLISHED","assignerShortName":"HITVAN","dateReserved":"2025-09-29T14:53:44.917Z","datePublished":"2026-05-13T05:36:43.720Z","dateUpdated":"2026-05-13T05:36:43.720Z"},"containers":{"cna":{"providerMetadata":{"orgId":"dce6e192-ff49-4263-9134-f0beccb9bc13","shortName":"HITVAN","dateUpdated":"2026-05-13T05:36:43.720Z"},"title":"Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party  Component","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-1395","description":"CWE-1395: Dependency on Vulnerable Third-Party Component","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-310","descriptions":[{"lang":"en","value":"CAPEC-310 Scanning for Vulnerable Software"}]}],"affected":[{"vendor":"Hitachi Vantara","product":"Pentaho Data Integration and Analytics","versions":[{"status":"affected","version":"1.0","lessThan":"10.2.0.7","versionType":"maven"},{"status":"affected","version":"1.0","lessThan":"11.0","versionType":"maven"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.","supportingMedia":[{"type":"text/html","base64":false,"value":"Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator."}]}],"references":[{"url":"https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}}],"credits":[{"lang":"en","value":"Nir Zadok (nirza) and Moshe Siman Tov Bustan  from OX Security","type":"finder"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}}}}