Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
Published: 2026-03-10
CVSS: 9.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Download Exploit for CVE-2025-11158 here:
Use Tor Browser to access .onion site.
https://sonitex.com/exploit-33-cve-2025-69370/
https://sonitex.com/exploit-757-cve-2026-31975/