CVE-2025-10769
BaseFortify
Publication date: 2025-09-21
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| h2o | h2o | From 3.0.0.2 (inc) to 3.46.0.8 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in h2oai h2o-3 up to version 3.46.0.8, specifically in the H2 JDBC Driver component within the /99/ImportSQLTable file. Manipulating the 'connection_url' argument leads to deserialization, potentially allowing an attacker to execute malicious code or actions remotely.
How can this vulnerability impact me?
The vulnerability can be exploited remotely to perform deserialization attacks, which may allow an attacker to execute arbitrary code or commands on the affected system. This can lead to unauthorized access, data manipulation, or disruption of services.