CVE-2025-10768 | h2oai h2o-3 up to 3.46.08 IBMDB2 JDBC Driver /99/ImportSQLTable connection_url deserialization (Issue 50)

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization.

This vulnerability appears as CVE-2025-10768. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More