CVE-2025-9121
Unknown
Unknown - Not Provided
Insecure Deserialization in Pentaho Dashboard Editor Plugin
Vulnerability report for CVE-2025-9121, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: Hitachi Vantara
Description
Description
Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hitachivantara | pentaho_data_integration_and_analytics_community_dashboard_editor | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |