5 matches found

OSV
added 2025/09/21 9:15 a.m. | 2 views

CVE-2025-6544

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8 CVSS | 9.4 AI score
Exploits: 0 | References: 2

Veracode
added 2025/03/27 2:24 p.m. | 4 views

Denial Of Service (DoS)

H2O-3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of highly compressed data due to repeatedly parsing a large GZIP file, leading to memory exhaustion and a large number of slow-running jobs, making the server unresponsive...

7.5 CVSS | 7 AI score | 0.00408 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

Veracode
added 2025/03/27 2:12 p.m. | 4 views

Denial Of Service (DoS)

H2O-3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to inefficient regular expression complexity due to the /3/ParseSetup endpoint applying a user-specified regular expression to a user-controllable string, leading to resource exhaustion and server unresponsiveness...

7.5 CVSS | 7 AI score | 0.00345 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

Veracode
added 2025/03/26 11:21 a.m. | 8 views

Arbitrary File Overwrite

H2O-3 is vulnerable to Arbitrary File Overwrite. The vulnerability is due to improper input validation due to the exportModelDetails function in ModelsHandler.java allowing user-controlled input in the mexport.dir parameter, enabling overwriting files at arbitrary locations on the host system...

8.2 CVSS | 7.2 AI score | 0.00237 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

Github Security Blog
added 2023/11/16 6:30 p.m. | 40 views

H2O local file inclusion vulnerability

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

9.3 CVSS | 9.2 AI score | 0.63282 EPSS
Exploits: 1 | References: 3 | Affected Software: 1