CVE-2025-5662
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-02

Assigner: huntr.dev

Description
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present in the MySQL JDBC Driver version 8.0.19 and JDK version 8u112. The issue is resolved in version 3.46.0.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-02
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-5662
EUVD
EUVD-2025-26414
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
h2o-3 h2o 3.46.0
oracle java_development_kit 8u112
mysql mysql_connector_j 8.0.19
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a deserialization flaw in the H2O-3 REST API (specifically the POST /99/ImportSQLTable endpoint) that affects all versions up to 3.46.0.7. It allows an attacker to execute remote code by exploiting improper validation of JDBC connection parameters when using a Key-Value format. The issue is linked to the MySQL JDBC Driver version 8.0.19 and JDK version 8u112, and it is fixed in version 3.46.0.8.

Impact Analysis

This vulnerability can lead to remote code execution (RCE) on the affected system, allowing an attacker to run arbitrary code with potentially high privileges. This can compromise the confidentiality, integrity, and availability of the system and data, leading to severe security breaches.

Mitigation Strategies

Upgrade the H2O-3 software to version 3.46.0.8 or later, as this version resolves the vulnerability. Additionally, ensure that the MySQL JDBC Driver is updated beyond version 8.0.19 and that the JDK version is updated beyond 8u112 to avoid the vulnerable components.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5662. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart