CVE-2025-24909

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published: Apr 16, 2025
Updated: Apr 17, 2025
CWE ID: 79

Summary

CVE-2025-24909: Hitachi Vantara's Pentaho Business Analytics Server, versions prior to 10.2.0.2, including 9.3.x and 8.3.x, contain a cross-site scripting vulnerability (CWE-79) that enables an attacker to inject malicious URLs into the Analyzer plugin interface. The injected content can exfiltrate private information, including session cookies, from the victim's browser. The attacker can also send requests on behalf of the victim to a targeted site, which is especially harmful if the victim holds administrative privileges. Because the issue can lead to unauthorized access and data theft, users are advised to upgrade to the latest version of Hitachi Vantara Pentaho Business Analytics Server.

