CVE-2024-55551 HIGH

CVE-2024-55551

Vendor Exasol
Product JDBC driver
Weakness CWE-471
Published March 19, 2025
Last update August 27, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.

Key dates

02Disclosure timeline

March 19, 2025 CVE published
August 27, 2025 Record updated