CVE-2025-10702 is a critical code injection vulnerability classified under CWE-94, found in Progress DataDirect Connect for JDBC drivers, including the Amazon Redshift variant and many others. The vulnerability stems from the SpyAttribute connection option, which supports an undocumented syntax construct. If an attacker can control the SpyAttributes option value in an application's connection string, they can exploit this syntax to force the JDBC driver to load an arbitrary Java class from the classpath and execute its constructor. This results in remote code execution (RCE) capabilities without requiring user interaction or prior authentication, making the attack vector network-based and highly accessible. The flaw affects a broad range of DataDirect Connect for JDBC drivers across multiple database platforms such as Amazon Redshift, Apache Cassandra, Hive, Microsoft SQL Server, Oracle, PostgreSQL, and others. The vulnerability impacts versions up to specific fixed releases, with patches available from Progress Software. The CVSS 4.0 score of 8.6 reflects the high severity due to the ease of exploitation, lack of required authentication, and the potential for full system compromise. No known exploits are currently reported in the wild, but the risk remains significant given the nature of the vulnerability and the widespread use of these drivers in enterprise environments. The vulnerability could allow attackers to execute arbitrary code on systems running vulnerable drivers, potentially leading to data breaches, system manipulation, or disruption of services.

For European organizations, this vulnerability poses a substantial risk to data confidentiality, integrity, and system availability. Many enterprises and public sector entities in Europe rely on JDBC drivers from Progress DataDirect to connect to critical databases such as Amazon Redshift, Oracle, Microsoft SQL Server, and PostgreSQL. Successful exploitation could lead to unauthorized remote code execution, enabling attackers to deploy malware, exfiltrate sensitive data, disrupt business operations, or pivot within networks. The impact is especially severe for organizations handling sensitive personal data under GDPR, as breaches could result in regulatory penalties and reputational damage. Additionally, sectors such as finance, healthcare, telecommunications, and government services that depend heavily on these database technologies are at heightened risk. The broad range of affected drivers increases the attack surface, making supply chain and third-party risk management more complex. Given the network-based attack vector and no need for user interaction, the vulnerability could be exploited remotely, increasing the likelihood of targeted attacks against European infrastructure.

1. Immediately apply the patches released by Progress Software for all affected DataDirect Connect for JDBC drivers and Hybrid Data Pipeline components, ensuring all versions are updated to the fixed releases listed in the advisory. 2. Restrict and validate all inputs that can influence connection string parameters, particularly the SpyAttributes option, to prevent untrusted user control. 3. Implement strict network segmentation and access controls to limit exposure of database connection endpoints to trusted hosts only. 4. Monitor application and driver logs for unusual class loading activities or unexpected connection option values that could indicate exploitation attempts. 5. Employ runtime application self-protection (RASP) or Java security managers to restrict the execution of arbitrary classes and constructors at runtime. 6. Conduct thorough code reviews and security testing of applications that allow dynamic configuration of JDBC connection parameters. 7. Educate developers and administrators about the risks of undocumented driver features and enforce secure coding practices around database connectivity. 8. Maintain an inventory of all JDBC drivers in use across the organization to ensure timely patch management and vulnerability tracking. 9. Consider deploying Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) tuned to detect exploitation patterns related to this vulnerability. 10. Coordinate with vendors and security teams to stay informed about any emerging exploits or additional mitigations.