CVE-2025-10703 is a critical code injection vulnerability categorized under CWE-94, impacting Progress DataDirect Connect for JDBC drivers and related products. The root cause lies in the SpyAttribute connection option, which permits specifying a log file path for the JDBC driver’s logging output. If an application allows end users to set this option, an attacker can inject arbitrary JavaScript code into the log file. When the log file is placed in a location accessible by the application server and served as a resource, the malicious script can be executed remotely, effectively enabling remote code execution (RCE). This vulnerability affects numerous DataDirect JDBC drivers for various databases including Amazon Redshift, Apache Cassandra, Hive, Microsoft SQL Server, Oracle, PostgreSQL, and others, as well as the DataDirect Hybrid Data Pipeline and OpenAccess JDBC drivers. The flaw exists in versions prior to the fixed releases listed, with no authentication or user interaction required for exploitation. The vulnerability’s CVSS 4.0 score is 8.6, reflecting its high impact on confidentiality, integrity, and availability, combined with ease of exploitation. Although no exploits have been observed in the wild yet, the broad product impact and potential for severe damage necessitate immediate remediation. The vulnerability allows attackers to leverage logging mechanisms to inject and execute malicious code, posing significant risks to data confidentiality and system integrity in environments using these drivers.

The impact of CVE-2025-10703 is substantial for organizations worldwide that utilize Progress DataDirect Connect for JDBC drivers or related products in their data access infrastructure. Successful exploitation can lead to remote code execution on application servers, enabling attackers to execute arbitrary JavaScript code. This can result in data theft, unauthorized access, system compromise, and potential lateral movement within networks. The vulnerability undermines confidentiality by exposing sensitive data through malicious scripts, compromises integrity by allowing unauthorized code execution, and threatens availability if attackers disrupt services. Given the wide range of affected database platforms and the common use of these JDBC drivers in enterprise environments, the scope of affected systems is broad. The lack of required authentication and user interaction lowers the barrier to exploitation, increasing risk. Organizations with web-facing applications or services that log user-controlled input via these drivers are particularly vulnerable. The potential for exploitation in cloud, on-premises, and hybrid environments further amplifies the threat. Without timely patching, attackers could leverage this vulnerability to establish persistent footholds, exfiltrate data, or disrupt critical business operations.

To mitigate CVE-2025-10703, organizations should immediately upgrade all affected Progress DataDirect Connect for JDBC drivers and related products to the fixed versions specified by the vendor. Specifically, ensure that versions are at or beyond the fixed releases listed for each affected product. Additionally, audit all applications and services using these JDBC drivers to verify that the SpyAttribute connection option is not exposed to untrusted end users or external inputs. Implement strict input validation and sanitization controls to prevent injection of malicious values into logging configuration parameters. Restrict file system permissions and web server configurations to prevent log files from being served as executable resources or accessible via HTTP endpoints. Employ application-layer firewalls or runtime application self-protection (RASP) solutions to detect and block suspicious log file access or script execution attempts. Conduct thorough security reviews of logging practices to avoid writing logs to web-accessible directories. Finally, monitor logs and network traffic for any signs of exploitation attempts or anomalous behavior related to this vulnerability. Establish incident response plans to quickly address any detected exploitation.