🛡️ CVE-2025-0756
🔴 CVSS 9.1 — Critical ✅ No Known Exploit CWE-99 NVD
9.1
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

Overview   The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99)   Description   Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not restrict JNDI identifiers during the creation of platform data sources.   Impact   An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information, which can lead to remote code execution by unauthorized users.

Details

Severity CRITICAL
CVSS Score 9.1
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE CWE-99
Public Exploit ✅ No
Source NVD
Published 2025-04-16
Updated 2026-06-02
Modified 2026-04-15
Fix URL N/A

Affected Packages

Software From version Fixed in
unknown

Similar Threats

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.