What is the severity of CVE-2025-0758?

The severity of CVE-2025-0758 is considered to be critical due to the potential for unauthorized access to sensitive resources.

How do I fix CVE-2025-0758?

To fix CVE-2025-0758, upgrade the Hitachi Vantara Pentaho Business Analytics Server to version 10.2.0.2 or later.

Which versions of Hitachi Vantara Pentaho Business Analytics Server are affected by CVE-2025-0758?

CVE-2025-0758 affects versions prior to 10.2.0.2, including 9.3.x and 8.3.x.

What type of vulnerability is CVE-2025-0758?

CVE-2025-0758 is classified as an incorrect permission assignment vulnerability, specifically CWE-732.

Can CVE-2025-0758 allow data exposure?

Yes, CVE-2025-0758 can potentially allow unauthorized actors to read or modify security-critical resources.

Vulnerability/
CVE-2025-0758

medium

6.1

CWE

732

16/4/2025

17/4/2025

CVE-2025-0758: Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource

First published: Wed Apr 16 2025(Updated: )

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default. Impact When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.

Credit: security.vulnerabilities@hitachivantara.com

Affected Software	Affected Version	How to fix
Hitachi Vantara Pentaho Business Analytics (BA) Server	<10.2.0.2>=9.3.0<9.3.x>=8.3.0<8.3.x

Never miss a vulnerability like this again

Reference Links

https://support.pentaho.com/hc/en-us/articles/35781318194061--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-0758

Frequently Asked Questions

What is the severity of CVE-2025-0758?
The severity of CVE-2025-0758 is considered to be critical due to the potential for unauthorized access to sensitive resources.
How do I fix CVE-2025-0758?
To fix CVE-2025-0758, upgrade the Hitachi Vantara Pentaho Business Analytics Server to version 10.2.0.2 or later.
Which versions of Hitachi Vantara Pentaho Business Analytics Server are affected by CVE-2025-0758?
CVE-2025-0758 affects versions prior to 10.2.0.2, including 9.3.x and 8.3.x.
What type of vulnerability is CVE-2025-0758?
CVE-2025-0758 is classified as an incorrect permission assignment vulnerability, specifically CWE-732.
Can CVE-2025-0758 allow data exposure?
Yes, CVE-2025-0758 can potentially allow unauthorized actors to read or modify security-critical resources.

collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/severity
agent/tags
agent/event
vendor/hitachi vantara
canonical/hitachi vantara pentaho business analytics (ba) server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.