4 matches found
CVE-2025-24908
creationtimestamp| type| source ---|---|--- 2025-04-16 22:57:41+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12162 2025-04-17 02:06:24+00:00| seen| https://t.me/cvedetector/23190 2025-04-17 02:48:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmy3rxemqs2j...
CVE-2025-24908
The CVE affects Hitachi Vantara Pentaho Data Integration & Analytics, prior to version 10.2.0.2 (including 9.3.x and 8.3.x). The root cause is that the UploadFile input used to build file paths is not properly sanitized against sequences like '.../...//', allowing a path traversal outside the res...
CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal
Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...
CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal
Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...