URL has been copied successfully!
H2O-3 JDBC Deserialization Vulnerability (CVE-2025-6544)
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

H2O-3 JDBC Deserialization Vulnerability (CVE-2025-6544)


Tags: , , , ,

Overview Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6544); This vulnerability is a bypass of CVE-2025-6507. Due to the system’s flawed handling of JDBC connection parameters, an unauthenticated attacker can bypass existing regular expression checks through double URL encoding, thereby enabling arbitrary file reading and…The post H2O-3 JDBC Deserialization Vulnerability (CVE-2025-6544) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

First seen on securityboulevard.com

Jump to article: https://securityboulevard.com/2025/09/h2o-3-jdbc-deserialization-vulnerability-cve-2025-6544/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Who’s Afraid of a Toxic Cloud Trilogy?
  2. The 2024 cyberwar playbook: Tricks used by nation-state actors
  3. 24% of vulnerabilities are abused before a patch is available
  4. Volume of attacks on network devices shows need to replace end of life devices quickly