Lucene search
K

4 matches found

Circl
Circl
added 2025/04/16 10:57 p.m.4 views

CVE-2025-24908

creationtimestamp| type| source ---|---|--- 2025-04-16 22:57:41+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12162 2025-04-17 02:06:24+00:00| seen| https://t.me/cvedetector/23190 2025-04-17 02:48:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmy3rxemqs2j...

6.8CVSS4.8AI score0.0044EPSS
Exploits0References3
CVE
CVE
added 2025/04/16 10:27 p.m.63 views

CVE-2025-24908

The CVE affects Hitachi Vantara Pentaho Data Integration & Analytics, prior to version 10.2.0.2 (including 9.3.x and 8.3.x). The root cause is that the UploadFile input used to build file paths is not properly sanitized against sequences like '.../...//', allowing a path traversal outside the res...

6.8CVSS6.6AI score0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 10:27 p.m.19 views

CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...

6.8CVSS0.0044EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 10:27 p.m.5 views

CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...

6.8CVSS6.6AI score0.0044EPSS
Exploits0References1
Rows per page
Query Builder