CVE-2025-10702 is a critical code injection vulnerability classified under CWE-94, affecting Progress DataDirect Connect for JDBC drivers, including the Amazon Redshift driver and many others such as those for Apache Cassandra, Hive, Microsoft SQL Server, Oracle, PostgreSQL, and more. The root cause lies in the SpyAttribute connection option, which supports an undocumented syntax that attackers can exploit to load arbitrary Java classes from the classpath and execute their constructors. This capability effectively allows remote code execution (RCE) if an attacker can supply or manipulate the SpyAttributes option value in the JDBC connection string. The vulnerability does not require user interaction or authentication, making it highly exploitable in environments where user input is passed unchecked to connection options. The affected products span a wide range of database connectors and hybrid data pipeline components, with versions prior to specific fixed releases vulnerable. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H) indicates network attack vector, low complexity, no user interaction, and high impact on confidentiality, integrity, and availability, with partial privileges required. Although no known exploits are reported in the wild yet, the nature of the vulnerability and the broad product impact make it a significant threat. Attackers exploiting this flaw could execute arbitrary code on systems running vulnerable JDBC drivers, potentially compromising backend databases, exfiltrating sensitive data, or pivoting within enterprise networks.

For European organizations, the impact of CVE-2025-10702 is substantial due to the widespread use of Progress DataDirect JDBC drivers in enterprise data environments, including cloud and hybrid infrastructures. Successful exploitation could lead to remote code execution on critical data access layers, enabling attackers to compromise database confidentiality, integrity, and availability. This could result in unauthorized data access, data manipulation, disruption of business operations, and potential regulatory non-compliance under GDPR due to data breaches. Organizations relying on Amazon Redshift, Oracle, Microsoft SQL Server, PostgreSQL, and other affected databases via these JDBC drivers are particularly at risk. The vulnerability's ease of exploitation without user interaction or authentication increases the likelihood of targeted attacks or automated exploitation attempts. Additionally, attackers could leverage this vulnerability to establish persistent footholds or move laterally within networks, amplifying the overall damage. The impact is heightened in sectors with critical data assets such as finance, healthcare, telecommunications, and government services prevalent in Europe.

To mitigate CVE-2025-10702 effectively, European organizations should: 1) Immediately identify all instances of Progress DataDirect Connect for JDBC drivers and related DataDirect Hybrid Data Pipeline components in their environments. 2) Upgrade all affected drivers to the fixed versions listed by Progress Software, ensuring no vulnerable versions remain in production or development. 3) Audit and restrict the use of the SpyAttributes connection option, especially preventing end-user or untrusted input from influencing its value. 4) Implement strict input validation and sanitization on any application components that construct JDBC connection strings dynamically. 5) Employ runtime application self-protection (RASP) or Java security manager policies to limit class loading and execution privileges where feasible. 6) Monitor network traffic and logs for anomalous JDBC connection strings or attempts to exploit the undocumented syntax. 7) Conduct penetration testing and code reviews focusing on JDBC connection handling to detect similar injection vectors. 8) Coordinate with database and application teams to ensure secure configuration and patch management practices are in place. 9) Consider network segmentation and least privilege principles to contain potential breaches. 10) Stay informed on vendor advisories and threat intelligence for any emerging exploit activity related to this vulnerability.