CVE-2025-10768: Deserialization in h2oai h2o-3
A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. Manipulation of the argument connection_url leads to deserialization of untrusted data. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10768 is a medium-severity vulnerability affecting h2oai's h2o-3 product, specifically versions up to 3.46.08. The flaw resides in an unknown function within the /99/ImportSQLTable file of the IBMDB2 JDBC Driver component. The vulnerability is triggered by manipulation of the 'connection_url' argument, which leads to unsafe deserialization. Deserialization vulnerabilities occur when untrusted data is processed by an application to reconstruct objects, potentially allowing attackers to execute arbitrary code or cause denial of service. This vulnerability can be exploited remotely without user interaction, increasing its risk profile. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L, i.e. a low-privileged account suffices), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vendor was notified but has not responded or released a patch, and no exploitation is currently observed in the wild, though proof-of-concept exploit code has been published. The root cause is unsafe deserialization in the JDBC driver component used by h2o-3, a machine learning platform widely used for data analysis and modeling. Exploitation could allow attackers to execute arbitrary code or disrupt service remotely by sending crafted connection URLs to the affected component.
Potential Impact
For European organizations using h2oai h2o-3, especially those leveraging IBM DB2 databases via the IBMDB2 JDBC Driver, this vulnerability poses a significant risk. Successful exploitation could lead to remote code execution or denial of service, compromising the confidentiality, integrity, and availability of critical machine learning workloads and data pipelines. This could disrupt business operations, lead to data breaches, or allow attackers to pivot within internal networks. Given the increasing reliance on AI/ML platforms in sectors such as finance, healthcare, and manufacturing across Europe, exploitation could have cascading effects on data-driven decision-making and operational continuity. The lack of vendor response and absence of patches increases exposure time, raising the urgency for organizations to implement mitigations. Although the CVSS score is medium, the remote, low-privilege nature of the exploit and the potential for code execution elevate the threat level in environments where h2o-3 is integrated with IBM DB2 databases.
Mitigation Recommendations
European organizations should immediately audit their use of h2o-3 versions up to 3.46.08, focusing on deployments that utilize the IBMDB2 JDBC Driver. Until a vendor patch is available, organizations should implement network-level controls to restrict access to the affected components, such as firewall rules limiting inbound traffic to trusted hosts and networks. Employ application-layer filtering or proxy solutions to validate and sanitize inputs, particularly the 'connection_url' parameter, to prevent malicious deserialization payloads. Consider isolating or sandboxing the h2o-3 service to limit the impact of potential exploitation. Monitoring and logging should be enhanced to detect anomalous connection attempts or suspicious deserialization activity. If feasible, temporarily disable or replace the IBMDB2 JDBC Driver component or migrate to alternative database connectors not affected by this vulnerability. Engage with the vendor for updates and track threat intelligence feeds for emerging exploit activity. Additionally, conduct internal penetration testing targeting deserialization vectors to assess exposure.
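One way to implement the application-layer allowlisting recommended above, as an added example that is not h2o-3's own code: a proxy-side check in front of /99/ImportSQLTable that forwards a request only if its connection_url matches the documented jdbc:db2:// URL shape, names an allowlisted DB2 endpoint, and carries only allowlisted driver properties. The hostnames, ports, property names and default port are constructed assumptions for this illustration.

```python
import re

# Constructed allowlist: the only DB2 (host, port) pairs this h2o-3 deployment may import from.
ALLOWED_DB2_ENDPOINTS = {
    ("db2-analytics.internal.example", 50000),
    ("db2-reporting.internal.example", 50001),
}
# Constructed closed set of JDBC driver properties the proxy passes through;
# any property not listed is rejected rather than forwarded to the driver.
ALLOWED_PROPERTIES = {"currentSchema", "sslConnection", "loginTimeout"}
DEFAULT_DB2_PORT = 50000  # assumption: port used when the URL omits one
MAX_URL_LEN = 512

# Strict grammar for the type-4 URL shape: jdbc:db2://host[:port]/database[:prop=value;...]
_DB2_URL = re.compile(
    r"^jdbc:db2://(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?"
    r"/(?P<db>[A-Za-z0-9_]+)"
    r"(?::(?P<props>(?:[A-Za-z]+=[A-Za-z0-9_.-]*;)+))?$"
)


def validate_connection_url(url: str) -> tuple[bool, str]:
    """Return (accepted, reason). Anything outside the allowlists is refused."""
    # Reject oversized, whitespace-containing or percent-encoded values before parsing.
    if len(url) > MAX_URL_LEN or any(c.isspace() for c in url) or "%" in url:
        return False, "length or encoding"
    m = _DB2_URL.match(url)
    if not m:
        return False, "url does not match jdbc:db2 grammar"
    endpoint = (m.group("host").lower(), int(m.group("port") or DEFAULT_DB2_PORT))
    if endpoint not in ALLOWED_DB2_ENDPOINTS:
        return False, f"endpoint not allowlisted: {endpoint[0]}:{endpoint[1]}"
    for pair in filter(None, (m.group("props") or "").split(";")):
        name = pair.partition("=")[0]
        if name not in ALLOWED_PROPERTIES:
            return False, f"property not allowlisted: {name}"
    return True, "ok"


def gate_import_sql_table(form: dict[str, str]) -> bool:
    """Proxy hook for a /99/ImportSQLTable request: forward only when connection_url passes."""
    accepted, _ = validate_connection_url(form.get("connection_url", ""))
    return accepted
```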
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-21T08:16:05.733Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68cfc7e69cd607c66dc0c16f
Added to database: 9/21/2025, 9:39:50 AM
Last enriched: 9/29/2025, 12:41:46 AM
Last updated: 11/4/2025, 2:23:21 PM