CVE-2025-24910 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

🗓️ 16 Apr 2025 22:32:46Reported by HITVANType

CVE-2025-24910 in Hitachi Vantara exposes local files via XML External Entity vulnerability.

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2025-24910	16 Apr 202522:57	–	circl
CNNVD	Hitachi Vantara Pentaho Business Analytics Server 安全漏洞	16 Apr 202500:00	–	cnnvd
CVE	CVE-2025-24910	16 Apr 202522:32	–	cve
EUVD	EUVD-2025-11531	3 Oct 202520:07	–	euvd
NVD	CVE-2025-24910	16 Apr 202523:15	–	nvd
RedhatCVE	CVE-2025-24910	25 Apr 202523:49	–	redhatcve
Vulnrichment	CVE-2025-24910 Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference	16 Apr 202522:32	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Pentaho Data Integration"
    ],
    "product": "Pentaho Business Analytics Server",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThanOrEqual": "9.3.*",
        "status": "affected",
        "version": "1.0",
        "versionType": "maven"
      },
      {
        "lessThan": "10.2.0.2",
        "status": "affected",
        "version": "10.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
support	www.support.pentaho.com/hc/en-us/articles/35782683750541--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-24910

16 Apr 2025 22:32Current

CVSS 3.14.9

EPSS0.00083

CWE-611