Cyber Resilience

CVE-2025-11159

CriticalUpdated

Published: 13 May 2026

Published
13 May 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0034 26.2th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-11159 is a critical-severity an unspecified weakness vulnerability in Hitachi Vantara Pentaho Data Integration And Analytics. Its CVSS base score is 9.1 (Critical).

Operationally, ranked at the 26.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.

CWE(s)

Related Threats

CVEs Like This One

CVE-2025-11158Same product: Hitachi Vantara Pentaho Data Integration And Analytics
CVE-2025-9661Same vendor: Hitachi
CVE-2025-1978Same vendor: Hitachi
CVE-2025-0976Same vendor: Hitachi

Affected Assets

hitachi
vantara pentaho data integration and analytics
≤ 10.2.0.7

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References