fkie_cve-2025-6544
Vulnerability from fkie_nvd
Published
2025-09-21 09:15
Modified
2025-09-22 21:23
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and using double URL encoding. This issue impacts all users of the affected versions.
References
security@huntr.devhttps://github.com/h2oai/h2o-3/commit/0298ee348f5c73673b7b542158081e79605f5f25
security@huntr.devhttps://huntr.com/bounties/53f35a0f-d644-4f82-93aa-89fe7e0aed40
134c704f-9b21-4f2e-91b3-4a467353bcc0https://huntr.com/bounties/53f35a0f-d644-4f82-93aa-89fe7e0aed40
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A deserialization vulnerability exists in h2oai/h2o-3 versions \u003c= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and using double URL encoding. This issue impacts all users of the affected versions."
    }
  ],
  "id": "CVE-2025-6544",
  "lastModified": "2025-09-22T21:23:01.543",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-21T09:15:38.497",
  "references": [
    {
      "source": "security@huntr.dev",
      "url": "https://github.com/h2oai/h2o-3/commit/0298ee348f5c73673b7b542158081e79605f5f25"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://huntr.com/bounties/53f35a0f-d644-4f82-93aa-89fe7e0aed40"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://huntr.com/bounties/53f35a0f-d644-4f82-93aa-89fe7e0aed40"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.