CVE-2025-11159
CriticalUpdated
Published: 13 May 2026
Published
13 May 2026
Modified
02 June 2026
KEV Added
—
Patch
—
CVSS Score v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.0034
26.2th percentile
Summary
CVE-2025-11159 is a critical-severity an unspecified weakness vulnerability in Hitachi Vantara Pentaho Data Integration And Analytics. Its CVSS base score is 9.1 (Critical).
Operationally, ranked at the 26.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209821
Vulnerability details
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
- CWE(s)
Related Threats
CVEs Like This One
CVE-2025-11158Same product: Hitachi Vantara Pentaho Data Integration And Analytics
CVE-2025-9661Same vendor: Hitachi
CVE-2025-1978Same vendor: Hitachi
CVE-2025-0976Same vendor: Hitachi
Affected Assets
hitachi
vantara pentaho data integration and analytics
≤ 10.2.0.7
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.