CRITICAL SeverityCVSS 3.19.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2025-11159

Last updated May 13, 2026 · Published May 13, 2026

Description

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.

Affected products

1 listed

Hitachi Vantara:Pentaho Data Integration and Analytics

Mappings

CWE

CWE-1395

CAPEC

CAPEC-310

Guides

Supply Chain Security FundamentalsSBOMs, dependency verification, supplier assessment, and provenance for development teams.

Training

Dependency and Supply Chain ManagementSBOMs, lock files, and surviving the next big supply chain attack.

CVE-2025-11159

Description

Affected products

Mappings

Related