CVE-2025-10703
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-19
Assigner: Progress Software Corporation
Description
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.
The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver log=(file) construct allows the user to specify an arbitrary file for the JDBC driver to write its log information to.Β If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker could cause java script to be written to a log file.Β If the log file was in the correct location with the correct extension, an application server could see that log file as a resource to be served.Β The attacker could fetch the resource from the server causing the java script to be executed.
This issue affects:
DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541
DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833
DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628
DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279
DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344
DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063
DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964
DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525
DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410
DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727
DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851
DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198
DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957
DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587
DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669
DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364
DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776
DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458
DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316
DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309
DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856
DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189
DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125
DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired
DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858
DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162
DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856
DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430
DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023
DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339
DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430
DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183
DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| progress | data_direct_connect_for_jdbc | 6.0.0.001438 |
| progress | data_direct_hybrid_data_pipeline_on_premises_connector | 4.6.2.1223 |
| progress | data_direct_connect_for_jdbc | 6.1.0.001654 |
| progress | data_direct_connect_for_jdbc | 5.1.4.000161 |
| progress | data_direct_hybrid_data_pipeline_docker | 4.6.2.3316 |
| progress | data_direct_openaccess_jdbc_driver | 8.1.0.0177 |
| progress | data_direct_openaccess_jdbc_driver | 9.0.0.0019 |
| progress | data_direct_connect_for_jdbc | 6.0.1.001821 |
| progress | data_direct_connect_for_jdbc | 6.0.0.000805 |
| progress | data_direct_connect_for_jdbc | 6.0.0.001747 |
| progress | data_direct_hybrid_data_pipeline_server | 4.6.2.3309 |
| progress | data_direct_connect_for_jdbc | 6.0.1.001499 |
| progress | data_direct_connect_for_jdbc | 6.0.0.000717 |
| progress | data_direct_connect_for_jdbc | 6.0.0.001559 |
| progress | data_direct_connect_for_jdbc | 6.0.0.000454 |
| progress | data_direct_connect_for_jdbc | 6.0.0.001936 |
| progress | data_direct_connect_for_jdbc | 6.0.1.001222 |
| progress | data_direct_connect_for_jdbc | 6.0.0.001155 |
| progress | data_direct_connect_for_jdbc | 6.0.0.002279 |
| progress | data_direct_connect_for_jdbc | 6.0.0.001392 |
| progress | data_direct_connect_for_jdbc | 6.0.1.006961 |
| progress | data_direct_connect_for_jdbc | 5.1.4.000298 |
| progress | data_direct_hybrid_data_pipeline_jdbc_driver | 4.6.2.0607 |
| progress | data_direct_connect_for_jdbc | 5.1.4.000187 |
| progress | data_direct_connect_for_jdbc | 6.0.1.001818 |
| progress | data_direct_connect_for_jdbc | 6.0.0.001225 |
| progress | data_direct_connect_for_jdbc | 5.1.4.000330 |
| progress | data_direct_connect_for_jdbc | 6.0.0.003020 |
| progress | data_direct_connect_for_jdbc | 6.0.0.001712 |
| progress | data_direct_connect_for_jdbc | 6.0.0.001843 |
| progress | data_direct_connect_for_jdbc | 6.0.0.003161 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Code Injection issue in Progress DataDirect JDBC drivers and Hybrid Data Pipeline. It arises because the SpyAttribute connection option allows specifying an arbitrary file for logging. An attacker can exploit this by causing JavaScript code to be written into a log file. If the log file is placed in a location and with an extension that the application server serves as a resource, the attacker can then retrieve and execute the malicious JavaScript code on the server, leading to remote code execution.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary JavaScript code remotely by injecting it into log files that the server then serves as resources. This can lead to remote code execution, potentially compromising the application server, stealing sensitive data, or performing unauthorized actions within the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the affected Progress DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver, and DataDirect OpenAccess JDBC driver to the fixed versions listed in the CVE description. Avoid allowing end users to specify values for the SpyAttributes connection option, especially the log=(file) construct, to prevent arbitrary file writing and potential remote code inclusion.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70