{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T02:19:26.820","vulnerabilities":[{"cve":{"id":"CVE-2025-0758","sourceIdentifier":"security.vulnerabilities@hitachivantara.com","published":"2025-04-16T23:15:44.647","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Overview \n\n\n\nThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) \n\n\n\nDescription \n\n\n\nHitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default. \n\n\n\nImpact \n\n\n\nWhen the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product."},{"lang":"es","value":"Descripción general: El producto especifica los permisos para un recurso crítico para la seguridad de forma que permita que actores no deseados lo lean o modifiquen. (CWE-732) Descripción: Hitachi Vantara Pentaho Business Analytics Server anterior a la versión 10.2.0.2, incluidas las versiones 9.3.x y 8.3.x, se instala con los beans Karaf JMX habilitados y accesibles de forma predeterminada. Impacto: Cuando se aprovecha la vulnerabilidad, un usuario con privilegios de ejecución local puede acceder a la funcionalidad expuesta por los beans Karaf del producto."}],"metrics":{"cvssMetricV31":[{"source":"security.vulnerabilities@hitachivantara.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}]},"weaknesses":[{"source":"security.vulnerabilities@hitachivantara.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://support.pentaho.com/hc/en-us/articles/35781318194061--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-0758","source":"security.vulnerabilities@hitachivantara.com"}]}}]}