{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T09:07:11.746","vulnerabilities":[{"cve":{"id":"CVE-2025-10702","sourceIdentifier":"security@progress.com","published":"2025-11-19T16:15:46.187","lastModified":"2026-06-17T08:28:47.880","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.\n\n\nThe SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver supports an undocumented syntax construct for the option value that if discovered can be used by an attacker.  If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker can use the undocumented syntax to cause the driver to load an arbitrary class on the class path and execute a constructor on that class.  \n\n\nThis issue affects:\n\nDataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541\n\nDataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833\n\nDataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628\n\nDataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279\n\nDataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344\n\nDataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063\n\nDataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964\n\nDataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525\n\nDataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410\nDataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727\nDataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851\n\n\nDataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198\n\nDataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957\n\nDataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587\n\nDataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669\n\nDataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364\n\nDataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776\n\nDataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458\n\nDataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316\n\nDataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309\nDataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856\n\nDataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189\n\nDataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125\nDataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired\n\nDataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858\n\nDataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162\n\nDataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856\n\nDataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430\n\nDataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023\n\nDataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339\nDataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430\n\nDataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183\n\nDataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022"}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress","product":"DataDirect Connect for JDBC for Amazon Redshift","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001392","versionType":"custom","status":"affected"},{"version":"6.0.0.001541","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Apache Cassandra","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.000805","versionType":"custom","status":"affected"},{"version":"6.0.0.000833","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Hive","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.1.001499","versionType":"custom","status":"affected"},{"version":"6.0.1.001628","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Apache Impala","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001155","versionType":"custom","status":"affected"},{"version":"6.0.0.1279","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Apache SparkSQL","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.1.001222","versionType":"custom","status":"affected"},{"version":"6.0.1.001344","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC Autonomous REST Connector","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.1.006961","versionType":"custom","status":"affected"},{"version":"6.0.1.007063","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for DB2","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.000717","versionType":"custom","status":"affected"},{"version":"6.0.0.000964","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Google Analytics 4","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.000454","versionType":"custom","status":"affected"},{"version":"6.0.0.000525","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Google BigQuery","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.002279","versionType":"custom","status":"affected"},{"version":"6.0.0.002410","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Greenplum","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001712","versionType":"custom","status":"affected"},{"version":"6.0.0.001727","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Informix","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.000690","versionType":"custom","status":"affected"},{"version":"6.0.0.000851","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Microsoft Dynamics 365","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.003161","versionType":"custom","status":"affected"},{"version":"6.0.0.003198","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Microsoft SQLServer","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001936","versionType":"custom","status":"affected"},{"version":"6.0.0.001957","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Microsoft Sharepoint","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001559","versionType":"custom","status":"affected"},{"version":"6.0.0.001587","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for MongoDB","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.1.0.001654","versionType":"custom","status":"affected"},{"version":"6.1.0.001669","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for MySQL","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.1.4.000330","versionType":"custom","status":"affected"},{"version":"5.1.4.000364","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Oracle Database","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001747","versionType":"custom","status":"affected"},{"version":"6.0.0.001776","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Oracle Eloqua","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001438","versionType":"custom","status":"affected"},{"version":"6.0.0.001458","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Oracle Sales Cloud","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001225","versionType":"custom","status":"affected"},{"version":"6.0.0.001316","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Oracle Service Cloud","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.1.4.000298","versionType":"custom","status":"affected"},{"version":"5.1.4.000309","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for PostgreSQL","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.001843","versionType":"custom","status":"affected"},{"version":"6.0.0.001856","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Progress OpenEdge","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.1.4.000187","versionType":"custom","status":"affected"},{"version":"5.1.4.000189","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Salesforce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.003020","versionType":"custom","status":"affected"},{"version":"6.0.0.003125","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for SAP HANA","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.0.000879","versionType":"custom","status":"affected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for SAP S/4 HANA","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.1.001818","versionType":"custom","status":"affected"},{"version":"6.0.1.001858","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Sybase ASE","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.1.4.000161","versionType":"custom","status":"affected"},{"version":"5.1.4.000162","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Connect for JDBC for Snowflake","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.1.001821","versionType":"custom","status":"affected"},{"version":"6.0.1.001856","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Hybrid Data Pipeline Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.6.2.3309","versionType":"custom","status":"affected"},{"version":"4.6.2.3430","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Hybrid Data Pipeline JDBC Driver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.6.2.0607","versionType":"custom","status":"affected"},{"version":"4.6.2.1023","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Hybrid Data Pipeline On Premises Connector","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.6.2.1223","versionType":"custom","status":"affected"},{"version":"4.6.2.1339","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect Hybrid Data Pipeline Docker","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.6.2.3316","versionType":"custom","status":"affected"},{"version":"4.6.2.3430","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect OpenAccess JDBC Driver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.1.0.0177","versionType":"custom","status":"affected"},{"version":"8.1.0.0183","versionType":"custom","status":"unaffected"}]},{"vendor":"Progress","product":"DataDirect OpenAccess JDBC Driver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"9.0.0.0019","versionType":"custom","status":"affected"},{"version":"9.0.0.0022","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-11-20T04:55:24.526650Z","id":"CVE-2025-10702","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://community.progress.com/s/article/Progress-DataDirect-Critical-Security-Product-Alert-Bulletin-November-2025","source":"security@progress.com"}]}}]}