CVE-2025-10769
Last modified
CVE-2025-10769 is a low-severity vulnerability rated 2.1/10 on the CVSS scale. A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| H2o | H2o | >= 3.0.0.2, <= 3.46.0.8 |
References
- https://github.com/ez-lbz/poc/issues/51Broken Link
- https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588dExploit, Third Party Advisory
- https://vuldb.com/?ctiid.325125Permissions Required, VDB Entry
- https://vuldb.com/?id.325125Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.649728Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.649793Third Party Advisory, VDB Entry
- https://github.com/ez-lbz/poc/issues/51Broken Link
- https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588dExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-10769?
How severe is CVE-2025-10769?
How do I fix CVE-2025-10769?
Are you affected by CVE-2025-10769?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST