Home

Description

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.

PUBLISHED Reserved 2025-08-18 | Published 2025-12-15 | Updated 2025-12-17 | Assigner HITVAN




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status
unaffected

1.0 (maven) before 10.2.0.4
affected

Credits

Hitachi Group Member finder

References

support.pentaho.com/...efore-10-2-0-4-Impacted-CVE-2025-9121

cve.org (CVE-2025-9121)

nvd.nist.gov (CVE-2025-9121)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.