CVE-2025-0758

6.1 MEDIUM

📋 TL;DR

Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.2, including 9.3.x and 8.3.x, have Karaf JMX beans enabled by default with insufficient access controls. This allows local users to access sensitive functionality exposed by these beans, potentially leading to unauthorized actions or information disclosure.

💻 Affected Systems

Products:
  • Hitachi Vantara Pentaho Business Analytics Server
Versions: Before 10.2.0.2, including 9.3.x and 8.3.x
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Karaf JMX beans are enabled by default in affected versions. Requires local execution privileges to exploit.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains administrative control over Pentaho server, accesses sensitive business data, modifies configurations, or executes arbitrary code.

🟠 Likely Case

Local user with standard privileges accesses JMX beans to view sensitive configuration data, modify settings, or disrupt service operations.

🟢 If Mitigated

With proper network segmentation and local user restrictions, impact is limited to authorized administrative users only.

🌐 Internet-Facing: LOW - Requires local execution privileges, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users on Pentaho server can exploit, but requires existing access to the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the Pentaho server. Attackers need existing local user privileges on the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.2.0.2

Vendor Advisory: https://support.pentaho.com/hc/en-us/articles/35781318194061--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-2-including-9-3-x-Impacted-CVE-2025-0758

Restart Required: Yes

Instructions:

  1. Download Pentaho Business Analytics Server version 10.2.0.2 or later from official vendor sources.
  2. Back up the current installation and data.
  3. Install the updated version following vendor documentation.
  4. Restart the Pentaho service.

🔧 Temporary Workarounds

Disable Karaf JMX Beans

Platforms: all

Manually disable Karaf JMX beans to prevent unauthorized access:

  1. Edit the Karaf configuration file (typically karaf/etc/org.apache.karaf.management.cfg)
  2. Set 'rmiRegistryPort' and 'rmiServerPort' to '-1'
  3. Restart the Karaf service

Restrict Local User Access

Platforms: all

Limit local user accounts on the Pentaho server to authorized administrators only:

  1. Review and remove unnecessary local user accounts
  2. Implement least privilege for the remaining accounts
  3. Monitor local user activity

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts on Pentaho servers
  • Deploy network segmentation to isolate Pentaho servers from general user networks

🔍 How to Verify

Check if Vulnerable:

Check the Pentaho version: the system is vulnerable if the version is below 10.2.0.2 and Karaf JMX beans are enabled (check karaf/etc/org.apache.karaf.management.cfg for enabled RMI ports).

Check Version:

Consult the Pentaho documentation for the version command, or examine the installation directory for version files.

Verify Fix Applied:

Verify version is 10.2.0.2 or later and Karaf JMX beans are disabled or properly secured.
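The version check and the Karaf configuration check above can be combined into one assessment. The following is an added example written for this page, not a script from Hitachi Vantara or the Pentaho project. It assumes the version is available as a dotted string (e.g. "9.3.0.1"), that the management file uses the standard Karaf `key = value` layout, and, as the workaround section states, that setting `rmiRegistryPort` and `rmiServerPort` to `-1` disables the remote JMX listener; a missing key is treated as "enabled" because Karaf applies its own default port in that case. The two configuration samples are constructed for the example.

```python
"""Assess CVE-2025-0758 exposure from a Pentaho version string and the
Karaf management configuration (example code, not vendor tooling)."""
import re

# First version carrying the official fix, taken from the advisory.
FIXED_VERSION = (10, 2, 0, 2)

# Constructed sample: Karaf management file with the remote JMX ports still open.
DEFAULT_CFG = """\
# org.apache.karaf.management.cfg (constructed sample)
rmiRegistryPort = 1099
rmiServerPort = 44444
serviceUrl = service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:${rmiRegistryPort}/karaf-root
"""

# Constructed sample: the same file after applying the workaround from this page.
HARDENED_CFG = """\
# org.apache.karaf.management.cfg (constructed sample, workaround applied)
rmiRegistryPort = -1
rmiServerPort = -1
"""


def parse_version(version: str) -> tuple:
    """Turn '9.3.0.1-1234' into (9, 3, 0, 1); missing trailing parts count as 0.

    Only the first four numeric fields are compared, so a build suffix
    does not affect the result.
    """
    nums = [int(p) for p in re.findall(r"\d+", version)[:4]]
    return tuple(nums + [0] * (4 - len(nums)))


def version_fixed(version: str) -> bool:
    """True when the installed version is 10.2.0.2 or later."""
    return parse_version(version) >= FIXED_VERSION


def parse_karaf_cfg(text: str) -> dict:
    """Parse a Karaf .cfg file into a dict, skipping comments and blank lines."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def jmx_remote_disabled(cfg: dict) -> bool:
    """True only when both RMI ports are explicitly set to -1.

    An absent key means Karaf falls back to its default port, so the
    listener must be treated as enabled in that case.
    """
    return cfg.get("rmiRegistryPort") == "-1" and cfg.get("rmiServerPort") == "-1"


def assess(version: str, cfg_text: str) -> str:
    """Return 'fixed', 'mitigated' or 'vulnerable' for a host."""
    if version_fixed(version):
        return "fixed"
    if jmx_remote_disabled(parse_karaf_cfg(cfg_text)):
        return "mitigated"
    return "vulnerable"


if __name__ == "__main__":
    for ver, cfg in (("9.3.0.1", DEFAULT_CFG),
                     ("9.3.0.1", HARDENED_CFG),
                     ("10.2.0.2", DEFAULT_CFG)):
        print(f"{ver:>9} -> {assess(ver, cfg)}")
```

On a real host, read the version and the management file from the installation instead of the constructed samples; a result of "vulnerable" means the upgrade to 10.2.0.2 or the workaround is still outstanding, and "mitigated" should be revisited once the patch is applied.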

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized JMX connection attempts in Karaf logs
  • Unexpected local user activity on Pentaho server

Network Indicators:

  • Local JMX connection attempts to Pentaho server

SIEM Query:

source="pentaho-logs" AND (jmx OR karaf) AND (access OR connection OR unauthorized)
