CNNVD-202509-3208 Information

CNNVD ID

CNNVD-202509-3208

Related CVE

CVE-2025-10769

• CNNVD Published: 2025-09-21

Description (Chinese)

H2O是H2O.ai开源的一个用于分布式、可扩展机器学习的内存平台。 H2O 3.46.08及之前版本存在安全漏洞，该漏洞源于H2 JDBC Driver组件中文件/99/ImportSQLTable对参数connection_url的错误操作，可能导致反序列化攻击。

Description (English)

H2O is an open-source H2O.ai memory platform for distributed, scalable machine learning. H2O 3.46.08 and previous versions contain a security loophole, which stems from document/99/ImportSQLTable in the H2 JDBC Driver component, which is an error in the parameters control url, which may lead to a back-serialized attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HabitRPG

Published

2025-09-21

Last Modified

2026-02-24

References

https://vuldb.com/?submit.649728 https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d https://github.com/ez-lbz/poc/issues/51 https://github.com/ez-lbz/poc/issues/51#issue-3391023368 https://vuldb.com/?submit.649793 https://vuldb.com/?ctiid.325125 https://vuldb.com/?id.325125 https://access.redhat.com/security/cve/cve-2025-10769