CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6544

A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and using double URL encoding. This issue impacts all users of the affected versions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.8%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2025-6544

H2o » H2o » Version: 3.0.0.10

cpe:2.3:a:h2o:h2o:3.0.0.10
H2o » H2o » Version: 3.0.0.11

cpe:2.3:a:h2o:h2o:3.0.0.11
H2o » H2o » Version: 3.0.0.13

cpe:2.3:a:h2o:h2o:3.0.0.13
H2o » H2o » Version: 3.0.0.17

cpe:2.3:a:h2o:h2o:3.0.0.17
H2o » H2o » Version: 3.0.0.18

cpe:2.3:a:h2o:h2o:3.0.0.18
H2o » H2o » Version: 3.0.0.2

cpe:2.3:a:h2o:h2o:3.0.0.2
H2o » H2o » Version: 3.0.0.21

cpe:2.3:a:h2o:h2o:3.0.0.21
H2o » H2o » Version: 3.0.0.22

cpe:2.3:a:h2o:h2o:3.0.0.22
H2o » H2o » Version: 3.0.0.23

cpe:2.3:a:h2o:h2o:3.0.0.23
H2o » H2o » Version: 3.0.0.24

cpe:2.3:a:h2o:h2o:3.0.0.24
H2o » H2o » Version: 3.0.0.25

cpe:2.3:a:h2o:h2o:3.0.0.25
H2o » H2o » Version: 3.0.0.26

cpe:2.3:a:h2o:h2o:3.0.0.26
H2o » H2o » Version: 3.0.0.4

cpe:2.3:a:h2o:h2o:3.0.0.4
H2o » H2o » Version: 3.0.0.7

cpe:2.3:a:h2o:h2o:3.0.0.7
H2o » H2o » Version: 3.1.0.1

cpe:2.3:a:h2o:h2o:3.1.0.1
H2o » H2o » Version: 3.1.0.3

cpe:2.3:a:h2o:h2o:3.1.0.3
H2o » H2o » Version: 3.1.0.4

cpe:2.3:a:h2o:h2o:3.1.0.4
H2o » H2o » Version: 3.1.0.7

cpe:2.3:a:h2o:h2o:3.1.0.7
H2o » H2o » Version: 3.10.0.10

cpe:2.3:a:h2o:h2o:3.10.0.10
H2o » H2o » Version: 3.10.0.3

cpe:2.3:a:h2o:h2o:3.10.0.3
H2o » H2o » Version: 3.10.0.6

cpe:2.3:a:h2o:h2o:3.10.0.6
H2o » H2o » Version: 3.10.0.7

cpe:2.3:a:h2o:h2o:3.10.0.7
H2o » H2o » Version: 3.10.0.8

cpe:2.3:a:h2o:h2o:3.10.0.8
H2o » H2o » Version: 3.10.0.9

cpe:2.3:a:h2o:h2o:3.10.0.9
H2o » H2o » Version: 3.10.1.1

cpe:2.3:a:h2o:h2o:3.10.1.1
H2o » H2o » Version: 3.10.1.2

cpe:2.3:a:h2o:h2o:3.10.1.2
H2o » H2o » Version: 3.10.2.1

cpe:2.3:a:h2o:h2o:3.10.2.1
H2o » H2o » Version: 3.10.2.2

cpe:2.3:a:h2o:h2o:3.10.2.2
H2o » H2o » Version: 3.10.3.1

cpe:2.3:a:h2o:h2o:3.10.3.1
H2o » H2o » Version: 3.10.3.2

cpe:2.3:a:h2o:h2o:3.10.3.2
H2o » H2o » Version: 3.10.3.3

cpe:2.3:a:h2o:h2o:3.10.3.3
H2o » H2o » Version: 3.10.3.4

cpe:2.3:a:h2o:h2o:3.10.3.4
H2o » H2o » Version: 3.10.3.5

cpe:2.3:a:h2o:h2o:3.10.3.5
H2o » H2o » Version: 3.10.4.1

cpe:2.3:a:h2o:h2o:3.10.4.1
H2o » H2o » Version: 3.10.4.2

cpe:2.3:a:h2o:h2o:3.10.4.2
H2o » H2o » Version: 3.10.4.3

cpe:2.3:a:h2o:h2o:3.10.4.3
H2o » H2o » Version: 3.10.4.4

cpe:2.3:a:h2o:h2o:3.10.4.4
H2o » H2o » Version: 3.10.4.5

cpe:2.3:a:h2o:h2o:3.10.4.5
H2o » H2o » Version: 3.10.4.6

cpe:2.3:a:h2o:h2o:3.10.4.6
H2o » H2o » Version: 3.10.4.7

cpe:2.3:a:h2o:h2o:3.10.4.7
H2o » H2o » Version: 3.10.4.8

cpe:2.3:a:h2o:h2o:3.10.4.8
H2o » H2o » Version: 3.10.5.1

cpe:2.3:a:h2o:h2o:3.10.5.1
H2o » H2o » Version: 3.10.5.2

cpe:2.3:a:h2o:h2o:3.10.5.2
H2o » H2o » Version: 3.10.5.3

cpe:2.3:a:h2o:h2o:3.10.5.3
H2o » H2o » Version: 3.10.5.4

cpe:2.3:a:h2o:h2o:3.10.5.4
H2o » H2o » Version: 3.14.0.1

cpe:2.3:a:h2o:h2o:3.14.0.1
H2o » H2o » Version: 3.14.0.2

cpe:2.3:a:h2o:h2o:3.14.0.2
H2o » H2o » Version: 3.14.0.3

cpe:2.3:a:h2o:h2o:3.14.0.3
H2o » H2o » Version: 3.14.0.4

cpe:2.3:a:h2o:h2o:3.14.0.4
H2o » H2o » Version: 3.14.0.5

cpe:2.3:a:h2o:h2o:3.14.0.5
H2o » H2o » Version: 3.14.0.6

cpe:2.3:a:h2o:h2o:3.14.0.6
H2o » H2o » Version: 3.14.0.7

cpe:2.3:a:h2o:h2o:3.14.0.7
H2o » H2o » Version: 3.16.0.1

cpe:2.3:a:h2o:h2o:3.16.0.1
H2o » H2o » Version: 3.16.0.2

cpe:2.3:a:h2o:h2o:3.16.0.2
H2o » H2o » Version: 3.16.0.3

cpe:2.3:a:h2o:h2o:3.16.0.3
H2o » H2o » Version: 3.16.0.4

cpe:2.3:a:h2o:h2o:3.16.0.4
H2o » H2o » Version: 3.18.0.1

cpe:2.3:a:h2o:h2o:3.18.0.1
H2o » H2o » Version: 3.18.0.10

cpe:2.3:a:h2o:h2o:3.18.0.10
H2o » H2o » Version: 3.18.0.11

cpe:2.3:a:h2o:h2o:3.18.0.11
H2o » H2o » Version: 3.18.0.2

cpe:2.3:a:h2o:h2o:3.18.0.2
H2o » H2o » Version: 3.18.0.3

cpe:2.3:a:h2o:h2o:3.18.0.3
H2o » H2o » Version: 3.18.0.4

cpe:2.3:a:h2o:h2o:3.18.0.4
H2o » H2o » Version: 3.18.0.5

cpe:2.3:a:h2o:h2o:3.18.0.5
H2o » H2o » Version: 3.18.0.6

cpe:2.3:a:h2o:h2o:3.18.0.6
H2o » H2o » Version: 3.18.0.7

cpe:2.3:a:h2o:h2o:3.18.0.7
H2o » H2o » Version: 3.18.0.8

cpe:2.3:a:h2o:h2o:3.18.0.8
H2o » H2o » Version: 3.18.0.9

cpe:2.3:a:h2o:h2o:3.18.0.9
H2o » H2o » Version: 3.2.0.1

cpe:2.3:a:h2o:h2o:3.2.0.1
H2o » H2o » Version: 3.2.0.3

cpe:2.3:a:h2o:h2o:3.2.0.3
H2o » H2o » Version: 3.2.0.5

cpe:2.3:a:h2o:h2o:3.2.0.5
H2o » H2o » Version: 3.2.0.7

cpe:2.3:a:h2o:h2o:3.2.0.7
H2o » H2o » Version: 3.20.0.1

cpe:2.3:a:h2o:h2o:3.20.0.1
H2o » H2o » Version: 3.20.0.10

cpe:2.3:a:h2o:h2o:3.20.0.10
H2o » H2o » Version: 3.20.0.2

cpe:2.3:a:h2o:h2o:3.20.0.2
H2o » H2o » Version: 3.20.0.3

cpe:2.3:a:h2o:h2o:3.20.0.3
H2o » H2o » Version: 3.20.0.4

cpe:2.3:a:h2o:h2o:3.20.0.4
H2o » H2o » Version: 3.20.0.5

cpe:2.3:a:h2o:h2o:3.20.0.5
H2o » H2o » Version: 3.20.0.6

cpe:2.3:a:h2o:h2o:3.20.0.6
H2o » H2o » Version: 3.20.0.7

cpe:2.3:a:h2o:h2o:3.20.0.7
H2o » H2o » Version: 3.20.0.8

cpe:2.3:a:h2o:h2o:3.20.0.8
H2o » H2o » Version: 3.20.0.9

cpe:2.3:a:h2o:h2o:3.20.0.9
H2o » H2o » Version: 3.22.0.1

cpe:2.3:a:h2o:h2o:3.22.0.1
H2o » H2o » Version: 3.22.0.2

cpe:2.3:a:h2o:h2o:3.22.0.2
H2o » H2o » Version: 3.22.0.3

cpe:2.3:a:h2o:h2o:3.22.0.3
H2o » H2o » Version: 3.22.0.4

cpe:2.3:a:h2o:h2o:3.22.0.4
H2o » H2o » Version: 3.22.0.5

cpe:2.3:a:h2o:h2o:3.22.0.5
H2o » H2o » Version: 3.22.1.1

cpe:2.3:a:h2o:h2o:3.22.1.1
H2o » H2o » Version: 3.22.1.2

cpe:2.3:a:h2o:h2o:3.22.1.2
H2o » H2o » Version: 3.22.1.3

cpe:2.3:a:h2o:h2o:3.22.1.3
H2o » H2o » Version: 3.22.1.4

cpe:2.3:a:h2o:h2o:3.22.1.4
H2o » H2o » Version: 3.22.1.5

cpe:2.3:a:h2o:h2o:3.22.1.5
H2o » H2o » Version: 3.22.1.6

cpe:2.3:a:h2o:h2o:3.22.1.6
H2o » H2o » Version: 3.24.0.1

cpe:2.3:a:h2o:h2o:3.24.0.1
H2o » H2o » Version: 3.24.0.2

cpe:2.3:a:h2o:h2o:3.24.0.2
H2o » H2o » Version: 3.24.0.3

cpe:2.3:a:h2o:h2o:3.24.0.3
H2o » H2o » Version: 3.24.0.4

cpe:2.3:a:h2o:h2o:3.24.0.4
H2o » H2o » Version: 3.24.0.5

cpe:2.3:a:h2o:h2o:3.24.0.5
H2o » H2o » Version: 3.26.0.1

cpe:2.3:a:h2o:h2o:3.26.0.1
H2o » H2o » Version: 3.26.0.10

cpe:2.3:a:h2o:h2o:3.26.0.10
H2o » H2o » Version: 3.26.0.11

cpe:2.3:a:h2o:h2o:3.26.0.11
H2o » H2o » Version: 3.26.0.2

cpe:2.3:a:h2o:h2o:3.26.0.2
H2o » H2o » Version: 3.26.0.3

cpe:2.3:a:h2o:h2o:3.26.0.3
H2o » H2o » Version: 3.26.0.4

cpe:2.3:a:h2o:h2o:3.26.0.4
H2o » H2o » Version: 3.26.0.5

cpe:2.3:a:h2o:h2o:3.26.0.5
H2o » H2o » Version: 3.26.0.6

cpe:2.3:a:h2o:h2o:3.26.0.6
H2o » H2o » Version: 3.28.0.1

cpe:2.3:a:h2o:h2o:3.28.0.1
H2o » H2o » Version: 3.28.0.2

cpe:2.3:a:h2o:h2o:3.28.0.2
H2o » H2o » Version: 3.28.0.3

cpe:2.3:a:h2o:h2o:3.28.0.3
H2o » H2o » Version: 3.28.0.4

cpe:2.3:a:h2o:h2o:3.28.0.4
H2o » H2o » Version: 3.28.1.1

cpe:2.3:a:h2o:h2o:3.28.1.1
H2o » H2o » Version: 3.28.1.2

cpe:2.3:a:h2o:h2o:3.28.1.2
H2o » H2o » Version: 3.28.1.3

cpe:2.3:a:h2o:h2o:3.28.1.3
H2o » H2o » Version: 3.30.0.1

cpe:2.3:a:h2o:h2o:3.30.0.1
H2o » H2o » Version: 3.30.0.2

cpe:2.3:a:h2o:h2o:3.30.0.2
H2o » H2o » Version: 3.30.0.3

cpe:2.3:a:h2o:h2o:3.30.0.3
H2o » H2o » Version: 3.30.0.4

cpe:2.3:a:h2o:h2o:3.30.0.4
H2o » H2o » Version: 3.30.0.5

cpe:2.3:a:h2o:h2o:3.30.0.5
H2o » H2o » Version: 3.30.0.6

cpe:2.3:a:h2o:h2o:3.30.0.6
H2o » H2o » Version: 3.30.0.7

cpe:2.3:a:h2o:h2o:3.30.0.7
H2o » H2o » Version: 3.30.1.1

cpe:2.3:a:h2o:h2o:3.30.1.1
H2o » H2o » Version: 3.30.1.2

cpe:2.3:a:h2o:h2o:3.30.1.2
H2o » H2o » Version: 3.30.1.3

cpe:2.3:a:h2o:h2o:3.30.1.3
H2o » H2o » Version: 3.32.0.1

cpe:2.3:a:h2o:h2o:3.32.0.1
H2o » H2o » Version: 3.32.0.2

cpe:2.3:a:h2o:h2o:3.32.0.2
H2o » H2o » Version: 3.32.0.3

cpe:2.3:a:h2o:h2o:3.32.0.3
H2o » H2o » Version: 3.32.0.4

cpe:2.3:a:h2o:h2o:3.32.0.4
H2o » H2o » Version: 3.32.0.5

cpe:2.3:a:h2o:h2o:3.32.0.5
H2o » H2o » Version: 3.32.1.1

cpe:2.3:a:h2o:h2o:3.32.1.1
H2o » H2o » Version: 3.32.1.2

cpe:2.3:a:h2o:h2o:3.32.1.2
H2o » H2o » Version: 3.32.1.3

cpe:2.3:a:h2o:h2o:3.32.1.3
H2o » H2o » Version: 3.32.1.4

cpe:2.3:a:h2o:h2o:3.32.1.4
H2o » H2o » Version: 3.32.1.5

cpe:2.3:a:h2o:h2o:3.32.1.5
H2o » H2o » Version: 3.32.1.6

cpe:2.3:a:h2o:h2o:3.32.1.6
H2o » H2o » Version: 3.32.1.7

cpe:2.3:a:h2o:h2o:3.32.1.7
H2o » H2o » Version: 3.34.0.1

cpe:2.3:a:h2o:h2o:3.34.0.1
H2o » H2o » Version: 3.34.0.3

cpe:2.3:a:h2o:h2o:3.34.0.3
H2o » H2o » Version: 3.34.0.4

cpe:2.3:a:h2o:h2o:3.34.0.4
H2o » H2o » Version: 3.34.0.5

cpe:2.3:a:h2o:h2o:3.34.0.5
H2o » H2o » Version: 3.34.0.6

cpe:2.3:a:h2o:h2o:3.34.0.6
H2o » H2o » Version: 3.34.0.7

cpe:2.3:a:h2o:h2o:3.34.0.7
H2o » H2o » Version: 3.34.0.8

cpe:2.3:a:h2o:h2o:3.34.0.8
H2o » H2o » Version: 3.36.0.1

cpe:2.3:a:h2o:h2o:3.36.0.1
H2o » H2o » Version: 3.36.0.2

cpe:2.3:a:h2o:h2o:3.36.0.2
H2o » H2o » Version: 3.36.0.3

cpe:2.3:a:h2o:h2o:3.36.0.3
H2o » H2o » Version: 3.36.0.4

cpe:2.3:a:h2o:h2o:3.36.0.4
H2o » H2o » Version: 3.36.1.1

cpe:2.3:a:h2o:h2o:3.36.1.1
H2o » H2o » Version: 3.36.1.2

cpe:2.3:a:h2o:h2o:3.36.1.2
H2o » H2o » Version: 3.36.1.3

cpe:2.3:a:h2o:h2o:3.36.1.3
H2o » H2o » Version: 3.36.1.4

cpe:2.3:a:h2o:h2o:3.36.1.4
H2o » H2o » Version: 3.36.1.5

cpe:2.3:a:h2o:h2o:3.36.1.5
H2o » H2o » Version: 3.38.0.1

cpe:2.3:a:h2o:h2o:3.38.0.1
H2o » H2o » Version: 3.38.0.2

cpe:2.3:a:h2o:h2o:3.38.0.2
H2o » H2o » Version: 3.38.0.3

cpe:2.3:a:h2o:h2o:3.38.0.3
H2o » H2o » Version: 3.38.0.4

cpe:2.3:a:h2o:h2o:3.38.0.4
H2o » H2o » Version: 3.4.0.1

cpe:2.3:a:h2o:h2o:3.4.0.1
H2o » H2o » Version: 3.40.0.1

cpe:2.3:a:h2o:h2o:3.40.0.1
H2o » H2o » Version: 3.40.0.2

cpe:2.3:a:h2o:h2o:3.40.0.2
H2o » H2o » Version: 3.40.0.3

cpe:2.3:a:h2o:h2o:3.40.0.3
H2o » H2o » Version: 3.40.0.4

cpe:2.3:a:h2o:h2o:3.40.0.4
H2o » H2o » Version: 3.42.0.1

cpe:2.3:a:h2o:h2o:3.42.0.1
H2o » H2o » Version: 3.42.0.2

cpe:2.3:a:h2o:h2o:3.42.0.2
H2o » H2o » Version: 3.42.0.3

cpe:2.3:a:h2o:h2o:3.42.0.3
H2o » H2o » Version: 3.42.0.4

cpe:2.3:a:h2o:h2o:3.42.0.4
H2o » H2o » Version: 3.44.0.1

cpe:2.3:a:h2o:h2o:3.44.0.1
H2o » H2o » Version: 3.44.0.2

cpe:2.3:a:h2o:h2o:3.44.0.2
H2o » H2o » Version: 3.44.0.3

cpe:2.3:a:h2o:h2o:3.44.0.3
H2o » H2o » Version: 3.45.0.6386

cpe:2.3:a:h2o:h2o:3.45.0.6386
H2o » H2o » Version: 3.46.0

cpe:2.3:a:h2o:h2o:3.46.0
H2o » H2o » Version: 3.46.0.1

cpe:2.3:a:h2o:h2o:3.46.0.1
H2o » H2o » Version: 3.46.0.2

cpe:2.3:a:h2o:h2o:3.46.0.2
H2o » H2o » Version: 3.46.0.3

cpe:2.3:a:h2o:h2o:3.46.0.3
H2o » H2o » Version: 3.46.0.4

cpe:2.3:a:h2o:h2o:3.46.0.4
H2o » H2o » Version: 3.46.0.5

cpe:2.3:a:h2o:h2o:3.46.0.5
H2o » H2o » Version: 3.46.0.6

cpe:2.3:a:h2o:h2o:3.46.0.6
H2o » H2o » Version: 3.46.0.7

cpe:2.3:a:h2o:h2o:3.46.0.7
H2o » H2o » Version: 3.46.0.8

cpe:2.3:a:h2o:h2o:3.46.0.8
H2o » H2o » Version: 3.6.0.2

cpe:2.3:a:h2o:h2o:3.6.0.2
H2o » H2o » Version: 3.6.0.7

cpe:2.3:a:h2o:h2o:3.6.0.7
H2o » H2o » Version: 3.6.0.9

cpe:2.3:a:h2o:h2o:3.6.0.9
H2o » H2o » Version: 3.8.0.1

cpe:2.3:a:h2o:h2o:3.8.0.1
H2o » H2o » Version: 3.8.0.6

cpe:2.3:a:h2o:h2o:3.8.0.6
H2o » H2o » Version: 3.8.1.1

cpe:2.3:a:h2o:h2o:3.8.1.1
H2o » H2o » Version: 3.8.1.2

cpe:2.3:a:h2o:h2o:3.8.1.2
H2o » H2o » Version: 3.8.1.3

cpe:2.3:a:h2o:h2o:3.8.1.3
H2o » H2o » Version: 3.8.1.4

cpe:2.3:a:h2o:h2o:3.8.1.4
H2o » H2o » Version: 3.8.2.1

cpe:2.3:a:h2o:h2o:3.8.2.1
H2o » H2o » Version: 3.8.2.2

cpe:2.3:a:h2o:h2o:3.8.2.2
H2o » H2o » Version: 3.8.2.3

cpe:2.3:a:h2o:h2o:3.8.2.3
H2o » H2o » Version: 3.8.2.5

cpe:2.3:a:h2o:h2o:3.8.2.5
H2o » H2o » Version: 3.8.2.6

cpe:2.3:a:h2o:h2o:3.8.2.6
H2o » H2o » Version: 3.8.2.8

cpe:2.3:a:h2o:h2o:3.8.2.8
H2o » H2o » Version: 3.8.2.9

cpe:2.3:a:h2o:h2o:3.8.2.9
H2o » H2o » Version: 3.8.3.2

cpe:2.3:a:h2o:h2o:3.8.3.2
H2o » H2o » Version: 3.8.3.4

cpe:2.3:a:h2o:h2o:3.8.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6544

Products

Pricing

Contact Us