CNNVD-202509-079 Information

CNNVD ID

CNNVD-202509-079

Related CVE

CVE-2025-6507

• CNNVD Published: 2025-09-01

Description (Chinese)

H2O是H2O.ai开源的一个用于分布式、可扩展机器学习的内存平台。 H2O 3.47.0.99999版本存在代码问题漏洞，该漏洞源于反序列化问题，可能导致任意代码执行和系统文件读取。

Description (English)

H2O is an open-source H2O.ai memory platform for distributed, scalable machine learning. H2O 3.47.099999 has a code problem gap, which stems from the problem of inverse sequences, which may lead to arbitrary code execution and system file access.

Hazard Level

Low

Vulnerability Type

代码问题

Affected Vendor

H2O.ai

Published

2025-09-01

Last Modified

2026-02-24

References

https://huntr.com/bounties/0a9d527a-2d39-4bc0-bf01-1e717587f077 https://github.com/h2oai/h2o-3/commit/f714edd6b8429c7a7211b779b6ec108a95b7382d https://nvd.nist.gov/vuln/detail/CVE-2025-6507 https://access.redhat.com/security/cve/cve-2025-6507

Patch

https://github.com/h2oai/h2o-3/commit/f714edd6b8429c7a7211b779b6ec108a95b7382d