
CVE-2025-10768: Deserialization in h2oai h2o-3

Medium
Tags: Vulnerability, CVE-2025-10768
Published: Sun Sep 21 2025 (09/21/2025, 09:33:16 UTC)
Source: CVE Database V5
Vendor/Project: h2oai
Product: h2o-3

Description

A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/21/2025, 09:40:24 UTC

Technical Analysis

CVE-2025-10768 is a medium-severity vulnerability in h2oai's h2o-3 machine learning platform, affecting versions up to and including 3.46.08. The flaw is an insecure deserialization in an unidentified function behind the /99/ImportSQLTable REST endpoint, in the IBMDB2 JDBC Driver component. It is triggered by manipulating the connection_url argument. A JDBC connection URL both selects the driver and can carry driver properties, so an attacker who controls it can influence which server the driver talks to and how the driver handles what it receives; that is the path by which untrusted data reaches a deserialization routine. Successful exploitation of this class of bug typically yields arbitrary code execution on the h2o-3 node, or at minimum a denial of service. The attack is reachable over the network, needs no user interaction and has low attack complexity, but it does require low privileges (PR:L): the attacker must already be able to submit requests to the h2o-3 API. Note that h2o-3 does not require authentication by default, so on an unauthenticated deployment that requirement is met by anyone who can reach the service. The vendor was notified early but has not responded or released a patch. An exploit has been published, although no exploitation in the wild had been observed at the time of writing. The CVSS 4.0 base score is 5.3 (medium); the score is moderated by the privilege requirement and by the limited confidentiality, integrity and availability impact recorded in the vector, not by any difficulty in triggering the flaw. The affected code sits in the database-connectivity path of h2o-3, which is widely used in data science and enterprise analytics environments.

Potential Impact

For European organizations running h2o-3, the exposure is greatest in sectors that rely heavily on data analytics and machine learning, such as finance, healthcare and manufacturing. Exploitation could give an attacker code execution on the h2o-3 node, which typically holds training data, models and database credentials, and could disrupt machine learning workflows. Because the flaw is reachable remotely and needs no user interaction, a compromised h2o-3 instance is a plausible foothold for lateral movement or data exfiltration, especially since such nodes are usually granted network access to internal data sources. The lack of vendor response and of a patch prolongs the exposure. The vulnerable code lives in the IBMDB2 JDBC Driver component, so deployments that make the IBM DB2 JDBC driver available to h2o-3 are the ones directly affected. The medium rating reflects the limited direct impact scored for the flaw; the realistic risk is its use as one link in a multi-stage attack chain rather than as a stand-alone compromise.

Mitigation Recommendations

Since no official patch is available, European organizations should implement specific mitigations beyond generic advice:

1) Restrict network access to h2o-3 services, and to the ImportSQLTable functionality in particular, with firewalls or network segmentation so that only trusted hosts can reach them. Where h2o-3 runs without authentication, enable one of its login providers so that the PR:L precondition is not satisfied by every host on the network.

2) Log and monitor every request to the /99/ImportSQLTable endpoint together with the connection_url value it carries. Flag any connection_url whose JDBC subprotocol, host or port is not a known data source, or that has driver properties appended after the database name.

3) Enforce an allowlist at a reverse proxy or API gateway in front of h2o-3: connection_url must match the expected form jdbc:<subprotocol>://<known host>:<port>/<database> with nothing appended, and anything else is rejected. Validate the shape of the URL rather than hunting for "serialized payloads", because the malicious input here is an ordinary-looking JDBC URL, not a serialized object.

4) If DB2 import is not needed, do not put the IBM DB2 JDBC driver on the h2o-3 classpath, or disable or restrict the JDBC import feature altogether.

5) Maintain up-to-date backups and an incident response plan that covers a compromised h2o-3 node, so that recovery does not depend on trusting the node's current state.

6) Watch the vendor and community channels for a fix or unofficial patch, and test any mitigation in a controlled environment before deployment, since a too-strict URL filter will break legitimate imports.

7) Use runtime application self-protection (RASP) or endpoint detection and response (EDR) tooling on the h2o-3 host to detect behaviour that a successful deserialization attack produces, such as unexpected child processes or outbound connections originating from the h2o-3 JVM.
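The allowlist and monitoring recommendations above, as an added example that is not code from h2o-3 or from the advisory: a strict shape check for connection_url values and a scan over access-log lines that flags ImportSQLTable requests failing that check. The endpoint path comes from the advisory; the allowlist entries, the log line format and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist of (JDBC subprotocol, host, port) that ImportSQLTable may reach.
# The values are illustrative; a real deployment lists its own data sources.
ALLOWED_TARGETS = {
    ("db2", "db2.internal.example", 50000),
}

# Strict URL shape: jdbc:<sub>://<host>:<port>/<database> and nothing else.
# Anything appended after the database name (":prop=value;" in DB2 style,
# "?prop=value" in other drivers) fails the match and is rejected.
JDBC_URL_RE = re.compile(
    r"^jdbc:(?P<sub>[a-z0-9]+)://(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})/(?P<db>[A-Za-z0-9_]+)$"
)

# Endpoint named in the advisory.
ENDPOINT = "/99/ImportSQLTable"


def classify_connection_url(url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a connection_url value."""
    url = url.strip()
    if not url.lower().startswith("jdbc:"):
        return False, "not a jdbc URL"
    m = JDBC_URL_RE.match(url)
    if m is None:
        return False, "driver properties embedded or unexpected URL shape"
    target = (m["sub"], m["host"].lower(), int(m["port"]))
    if target not in ALLOWED_TARGETS:
        return False, f"target {target[1]}:{target[2]} ({target[0]}) not allowlisted"
    return True, "ok"


def scan_log(lines):
    """Flag ImportSQLTable requests whose connection_url fails the allowlist.

    Assumed (constructed) line format: "<timestamp> <client-ip> <method> <path>?<query>".
    Returns a list of (timestamp, client-ip, reason).
    """
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, _method, target = parts
        parsed = urlsplit(target)
        if parsed.path != ENDPOINT:
            continue
        # parse_qs percent-decodes the values, so the JDBC URL comes back in clear.
        for url in parse_qs(parsed.query).get("connection_url", []):
            ok, reason = classify_connection_url(url)
            if not ok:
                findings.append((ts, client, reason))
    return findings


# Constructed sample lines, not real h2o-3 logs. Line 1 is a legitimate import,
# line 2 points the driver at an external host and appends a driver property,
# line 3 uses a subprotocol/port pair that is not allowlisted, line 4 is unrelated.
SAMPLE_LOG = [
    "2025-09-21T09:33:16Z 10.0.0.5 POST /99/ImportSQLTable?connection_url=jdbc%3Adb2%3A%2F%2Fdb2.internal.example%3A50000%2FSALES&table=ORDERS",
    "2025-09-21T09:34:02Z 203.0.113.9 POST /99/ImportSQLTable?connection_url=jdbc%3Adb2%3A%2F%2F203.0.113.9%3A50000%2FSALES%3AexampleProperty%3Dx%3B&table=ORDERS",
    "2025-09-21T09:35:10Z 10.0.0.7 POST /99/ImportSQLTable?connection_url=jdbc%3Amysql%3A%2F%2Fdb2.internal.example%3A3306%2FSALES&table=ORDERS",
    "2025-09-21T09:36:00Z 10.0.0.5 GET /3/Cloud",
]

if __name__ == "__main__":
    for ts, client, reason in scan_log(SAMPLE_LOG):
        print(f"{ts} {client}: {reason}")
```

The same classify_connection_url check can sit in a reverse-proxy request filter in front of h2o-3 to reject the request rather than only log it; the allowlist is deliberately positive (known subprotocol, host and port, bare database name) so that an unknown driver property or an unfamiliar host fails closed instead of relying on a blocklist of property names.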


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-21T08:16:05.733Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68cfc7e69cd607c66dc0c16f

Added to database: 9/21/2025, 9:39:50 AM

Last enriched: 9/21/2025, 9:40:24 AM

Last updated: 9/22/2025, 9:03:27 AM
