Home > Vulnerability Database > CVE-2025-10769

Mend.io Vulnerability Database

CVE-2025-10769

Date: September 21, 2025

A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

9.8

Related Resources (9)

Url: https://vuldb.com/?submit.649793

Url: https://vuldb.com/?id.325125

Url: https://github.com/ez-lbz/poc/issues/51#issue-3391023368

Url: https://vuldb.com/?ctiid.325125

Url: https://vuldb.com/?submit.649728

Url: https://github.com/ez-lbz/poc/issues/51

Url: https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-10769

Url: https://www.mend.io/vulnerability-database/CVE-2025-10769

Severity Score

9.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-10769

Date: September 21, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?