CVE-2025-10768
BaseFortify
Publication date: 2025-09-21
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| h2o | h2o | From 3.0.0.2 (inc) to 3.46.0.8 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the h2oai h2o-3 software up to version 3.46.08, in an unknown function of the file /99/ImportSQLTable in the IBMDB2 JDBC Driver component. Manipulating the 'connection_url' argument leads to deserialization of untrusted data, and the attack can be launched remotely. The exploit has been published and may be used by attackers.
How can this vulnerability impact me?
The vulnerability allows remote attackers to exploit deserialization through the 'connection_url' argument, potentially leading to unauthorized actions or compromise of the affected system. Given the CVSS scores, it can impact confidentiality, integrity, and availability to some extent, which may result in partial data exposure, modification, or disruption of service.