CVE-2025-11158

🗓️ 09 Mar 2026 22:12:51Reported by HITVANType

Hitachi Vantara Pentaho older versions lack authorization for Groovy scripts in PRPT reports, enabling remote code execution.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2025-11158	9 Mar 202622:12	–	attackerkb
Circl	CVE-2025-11158	18 Mar 202610:34	–	circl
CNNVD	Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞	10 Mar 202600:00	–	cnnvd
Cvelist	CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization	9 Mar 202622:12	–	cvelist
EUVD	EUVD-2025-208457	10 Mar 202618:31	–	euvd
EUVD	EUVD-2025-208458	10 Mar 202618:31	–	euvd
NVD	CVE-2025-11158	10 Mar 202616:23	–	nvd
Positive Technologies	PT-2026-24134	9 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-11158	11 Mar 202607:08	–	redhatcve
Vulnrichment	CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization	9 Mar 202622:12	–	vulnrichment

NVD

Node

hitachi vantara_pentaho_data_integration_and_analyticsRange<10.2.0.6

[
  {
    "vendor": "Hitachi Vantara",
    "product": "Pentaho Data Integration and Analytics",
    "versions": [
      {
        "status": "affected",
        "version": "1.0",
        "lessThanOrEqual": "9.3.*",
        "versionType": "maven"
      },
      {
        "status": "affected",
        "version": "10.0",
        "lessThan": "10.2.0.6",
        "versionType": "maven"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
support	www.support.pentaho.com/hc/en-us/articles/39975058295821--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Missing-Authorization-Versions-before-10-2-0-6-impacted-CVE-2025-11158
ox	www.ox.security/blog/cve-2025-11158/

06 May 2026 17:50Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.19.1

EPSS0.00019

SSVC

CWE-862