CVE-2025-0758
Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default. Impact When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.
*Credits:
Hitachi Group Member
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-01-27 CVE Reserved
- 2025-04-16 CVE Published
- 2025-04-17 CVE Updated
- 2025-08-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
- CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hitachi Vantara Search vendor "Hitachi Vantara" | Pentaho Business Analytics Server Search vendor "Hitachi Vantara" for product "Pentaho Business Analytics Server" | >= 10.0.0.0 < 10.2.0.2 Search vendor "Hitachi Vantara" for product "Pentaho Business Analytics Server" and version " >= 10.0.0.0 < 10.2.0.2" | en |
Affected
| ||||||