CVE-2025-9122 MEDIUM

CVE-2025-9122: Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information

Vendor Hitachi Vantara
Product Pentaho Data Integration and Analytics
Weakness CWE-209 · Error message info leak
Published December 15, 2025
Last update December 16, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet.

Key dates

02Disclosure timeline

December 15, 2025 CVE published
December 16, 2025 Record updated