CVE-2025-11159 – Pentaho Data Integration and Analytics

CVSS 9.1 CRITICAL

“When analytics platforms are exposed, attackers gain access to the data that drives the business.”

This patch addresses CVE-2025-11159 in Pentaho Data Integration and Analytics, a Critical severity vulnerability that impacts access control mechanisms within the platform. The CVSS score is 9.1, which is Critical severity. The issue could allow unauthorized users to interact with sensitive data workflows or execute actions that compromise data integrity and system operations.

No verified exploitation has been confirmed. However, given Pentaho’s role in data processing and analytics pipelines, successful exploitation could expose critical business data and disrupt reporting or decision-making systems.

Key Details

Affected Product: Hitachi Vantara Pentaho Data Integration And Analytics
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None

Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.

CVE-2025-11159 – Pentaho Data Integration and Analytics

Key Details

Stay Tuned

PLATFORM

SOLUTIONS

RESOURCES

COMPANY

LEGAL

CONTACTS

+1-346-444-8530

Toll Free: 833-444-8530

708 Main St, 10th FL, Houston, TX 77002