CVE-2025-10769 | h2oai h2o-3 up to 3.46.08 H2 JDBC Driver /99/ImportSQLTable connection_url deserialization (Issue 51)

A vulnerability, which was classified as critical, was found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization.

This vulnerability is traded as CVE-2025-10769. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More