PT-2025-35547 · Oracle+1 · Mysql Jdbc Driver+2
Published
2025-09-02
·
Updated
2025-09-08
·
CVE-2025-5662
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
H2O-3 versions prior to 3.46.0.8
Description
A deserialization issue exists in the H2O-3 REST API
/99/ImportSQLTable. The vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The issue is present in the MySQL JDBC Driver version 8.0.19 and JDK version 8u112.Recommendations
Upgrade to H2O-3 version 3.46.0.8 or later.
Fix
RCE
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
H2O-3
Jdk
Mysql Jdbc Driver