PT-2025-16912 · Apache+1 · Karaf+1

Published 2025-04-16 · Updated 2025-04-17 · CVE-2025-0758

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2
Hitachi Vantara Pentaho Business Analytics Server versions 9.3.x
Hitachi Vantara Pentaho Business Analytics Server versions 8.3.x

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When the issue is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.

Recommendations

For versions prior to 10.2.0.2, update to version 10.2.0.2 or later to resolve the issue.
For versions 9.3.x, update to version 10.2.0.2 or later to resolve the issue.
For versions 8.3.x, update to version 10.2.0.2 or later to resolve the issue.

As a temporary workaround, consider disabling the Karaf JMX beans to minimize the risk of exploitation.

Fix

LPE

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2025-0758

Affected Products

Hitachi Vantara Pentaho Business Analytics Server
Karaf