CNNVD-202509-3205 Information

CNNVD ID

CNNVD-202509-3205

Related CVE

CVE-2025-10768

• CNNVD Published: 2025-09-21

Description (Chinese)

H2O是H2O.ai开源的一个用于分布式、可扩展机器学习的内存平台。 H2O 3.46.08及之前版本存在安全漏洞，该漏洞源于文件/99/ImportSQLTable中参数connection_url的反序列化操作，可能导致远程攻击。

Description (English)

H2O is an open-source H2O.ai memory platform for distributed, scalable machine learning. H2O 3.46.08 and previous versions contain a security loophole, which stems from the inverse sequenceization of the parameter in document/99/ImportSQLTable and may lead to a long-range attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HabitRPG

Published

2025-09-21

Last Modified

2026-02-24

References

https://github.com/ez-lbz/poc/issues/50 https://vuldb.com/?submit.649508 https://github.com/ez-lbz/poc/issues/50#issue-3389830879 https://vuldb.com/?ctiid.325124 https://vuldb.com/?id.325124 https://access.redhat.com/security/cve/cve-2025-10768