Customer Portal

Get a grip on your data

With battle-tested solutions and a focus on foundational strength,

Pentaho+ helps you meet the challenges of an AI-driven world.

  1. Pentaho Customer Portal
  2. Known Vulnerability Updates
  3. Security Updates

(Resolved) Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource - Versions before 10.2.0.2, including 9.3.x Impacted (CVE-2025-0758)

by Dan Begey - Follow

Overview 

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732)

 

Products Affected 

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x

 

Description 

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default.

 

Impact 

When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.

 

Action  

We recommend you upgrade to the latest Hitachi Vantara Pentaho Business Analytics Server release or Service Pack where this vulnerability is addressed.

Please review the Pentaho End-of-Life policy to ensure you are up to date.

 

Internal Notes: (Non Customer View-able - Non Confidential)

This issue is logged under JIRA BISERVER-14817

Comments