CNNVD-202509-3204 Information

CNNVD ID

CNNVD-202509-3204

Related CVE

CVE-2025-6544

• CNNVD Published: 2025-09-21

Description (Chinese)

H2O是H2O.ai开源的一个用于分布式、可扩展机器学习的内存平台。 H2O 3.46.0.8及之前版本存在安全漏洞，该漏洞源于JDBC连接参数处理不当，可能导致读取任意系统文件和执行任意代码。

Description (English)

H2O is an open-source H2O.ai memory platform for distributed, scalable machine learning. H2O 3.46.0.8 and previous versions contained a security loophole, which stemmed from the mishandling of JDBC connectivity parameters, which could lead to the reading of any system file and the implementation of any code.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

HabitRPG

Published

2025-09-21

Last Modified

2026-02-24

References

https://github.com/h2oai/h2o-3/commit/0298ee348f5c73673b7b542158081e79605f5f25 https://huntr.com/bounties/53f35a0f-d644-4f82-93aa-89fe7e0aed40 https://access.redhat.com/security/cve/cve-2025-6544