CVE-2025-11158
Received Received - Intake
Remote Code Execution via Groovy Script Injection in Hitachi Pentaho

Publication date: 2026-03-10

Last updated on: 2026-05-06

Assigner: Hitachi Vantara

Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11158
EUVD
EUVD-2025-208457
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hitachi vantara_pentaho_data_integration_and_analytics to 10.2.0.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including versions 9.3.x and 8.3.x. It occurs because the software does not restrict Groovy scripts in new PRPT reports published by users. This lack of restriction allows attackers to insert arbitrary scripts, which can lead to remote code execution (RCE).

Impact Analysis

The vulnerability can have severe impacts because it allows remote code execution. An attacker could execute arbitrary code on the affected system with high privileges, potentially leading to full system compromise, data theft, data loss, or disruption of services.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11158. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart