The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-6507

CVE-2025-6507: H2O-3 Deserialization RCE Vulnerability

CVE-2025-6507 is a deserialization vulnerability in h2oai/h2o-3 that enables remote code execution and unauthorized file access. This article covers the technical details, affected versions, and mitigation steps.

Published: April 1, 2026

CVE-2025-6507 Overview

A critical insecure deserialization vulnerability has been identified in the h2oai/h2o-3 machine learning platform that allows attackers to exploit deserialization of untrusted data through JDBC connection parameter manipulation. This vulnerability enables arbitrary code execution and unauthorized reading of system files on affected systems. The issue affects the master branch version 3.47.0.99999 and arises from inadequate regular expression filters intended to prevent malicious parameter injection in JDBC connections.

Critical Impact

Attackers can achieve remote code execution and read sensitive system files by bypassing regex-based parameter filters through whitespace manipulation in JDBC connection strings.

Affected Products

  • H2O-3 version 3.47.0.99999 (master branch)
  • H2O-3 versions prior to 3.46.0.8

Discovery Timeline

  • 2025-09-01 - CVE-2025-6507 published to NVD
  • 2025-09-02 - Last updated in NVD database

Technical Details for CVE-2025-6507

Vulnerability Analysis

This vulnerability represents a classic case of insufficient input validation combined with insecure deserialization (CWE-502). The H2O-3 platform implements security controls to prevent malicious JDBC connection parameters that could enable dangerous features like autoDeserialize in MySQL connectors. However, the regex pattern used to detect these parameters can be bypassed by inserting whitespace characters between parameter names and their values.

When attackers successfully inject malicious parameters, they can leverage database connector features designed for legitimate serialization purposes to execute arbitrary code on the target system. This is particularly dangerous in data science and machine learning environments where H2O-3 is deployed, as these systems often have elevated privileges and access to sensitive data.

Root Cause

The root cause lies in the overly permissive regex pattern used in the SQLManager.java class to detect and block dangerous JDBC parameters. The original pattern -(?i)[?;&]([a-z]+)= only matched parameters immediately preceded by connection string delimiters (?, ;, or &) and required the parameter name to be directly adjacent to the equals sign. This design flaw allowed attackers to evade detection by inserting spaces between parameter names and their values, effectively bypassing the security filter.

Attack Vector

The attack exploits the network-accessible JDBC connection functionality in H2O-3. Attackers craft malicious JDBC connection strings with carefully placed whitespace to bypass parameter validation. For example, inserting spaces like autoDeserialize = true instead of autoDeserialize=true would evade the original regex filter. Once the malicious parameter is accepted, the attacker can leverage MySQL's deserialization features to achieve code execution or file read operations.

java
// Security patch in SQLManager.java
// Source: https://github.com/h2oai/h2o-3/commit/f714edd6b8429c7a7211b779b6ec108a95b7382d

  private static final String DISALLOWED_JDBC_PARAMETERS_PARAM = H2O.OptArgs.SYSTEM_PROP_PREFIX + "sql.jdbc.disallowed.parameters";

-  private static final Pattern JDBC_PARAMETERS_REGEX_PATTERN = Pattern.compile("(?i)[?;&]([a-z]+)=");
+  private static final Pattern JDBC_PARAMETERS_REGEX_PATTERN = Pattern.compile("(?i)([a-z0-9_]+)\\s*=\\s*");

  private static final List<String> DEFAULT_JDBC_DISALLOWED_PARAMETERS = Stream.of(
          "autoDeserialize", "queryInterceptors", "allowLoadLocalInfile", "allowMultiQueries", //mysql

The patch addresses this by updating the regex pattern to use \\s* which matches zero or more whitespace characters around the equals sign, ensuring parameters cannot bypass detection through whitespace manipulation. The pattern also now matches parameter names containing digits and underscores.

Detection Methods for CVE-2025-6507

Indicators of Compromise

  • Unusual JDBC connection strings containing whitespace around parameter assignments in application logs
  • Unexpected MySQL connector parameters such as autoDeserialize, queryInterceptors, or allowLoadLocalInfile in database connection attempts
  • Evidence of file read operations or code execution originating from H2O-3 processes
  • Anomalous network connections from H2O-3 instances to external database servers

Detection Strategies

  • Monitor H2O-3 application logs for JDBC connection strings containing suspicious parameters with irregular whitespace patterns
  • Implement network monitoring to detect unusual database connection patterns from H2O-3 instances
  • Deploy endpoint detection to identify unexpected child processes spawned by H2O-3 Java processes
  • Use application-layer firewalls to inspect and block malformed JDBC connection strings

Monitoring Recommendations

  • Enable detailed logging for all JDBC connection attempts in H2O-3 deployments
  • Configure alerts for file access operations from H2O-3 processes outside normal working directories
  • Monitor for deserialization-related Java exceptions in application error logs
  • Implement network segmentation monitoring to detect lateral movement from compromised H2O-3 instances

How to Mitigate CVE-2025-6507

Immediate Actions Required

  • Upgrade H2O-3 to version 3.46.0.8 or later immediately
  • Audit existing JDBC connection configurations for potentially malicious parameters
  • Restrict network access to H2O-3 instances to trusted sources only
  • Review system logs for signs of exploitation prior to patching

Patch Information

The vulnerability has been addressed in H2O-3 version 3.46.0.8. The fix implements a more robust regex pattern that properly handles whitespace around parameter assignments, preventing the bypass technique. The security patch is available through the GitHub commit f714edd6b8429c7a7211b779b6ec108a95b7382d. Additional details about this vulnerability and the associated bounty can be found at the Huntr vulnerability disclosure.

Workarounds

  • If immediate patching is not possible, restrict JDBC connectivity by blocking access to external databases
  • Implement a web application firewall or reverse proxy to filter JDBC connection strings before they reach H2O-3
  • Disable unnecessary database connectivity features in H2O-3 configuration
  • Deploy network segmentation to isolate H2O-3 instances from sensitive systems
bash
# Configuration example - Restrict JDBC connectivity at the network level
# Block outbound MySQL connections from H2O-3 servers
iptables -A OUTPUT -p tcp --dport 3306 -m owner --uid-owner h2o -j DROP

# Allow only trusted database servers
iptables -A OUTPUT -p tcp --dport 3306 -d trusted_db_server_ip -m owner --uid-owner h2o -j ACCEPT

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeRCE
  • Vendor/TechH2o
  • SeverityCRITICAL
  • CVSS Score9.8
  • EPSS Probability0.27%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-502
  • Technical References
  • GitHub Commit Update
  • Huntr Bounty Listing
  • Related CVEs
  • CVE-2024-5986: H2O.ai H2O-3 RCE Vulnerability
  • CVE-2025-6544: H2o H2o Deserialization RCE Vulnerability
  • CVE-2025-10769: H2O H2O-3 RCE Vulnerability
  • CVE-2025-5662: H2O-3 REST API RCE Vulnerability
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English