
CVE-2025-5662: CWE-502 Deserialization of Untrusted Data in h2oai h2oai/h2o-3

Severity: Critical
Tags: CVE-2025-5662, CWE-502
Published: Tue Sep 02 2025 (09/02/2025, 11:14:52 UTC)
Source: CVE Database V5
Vendor/Project: h2oai
Product: h2oai/h2o-3

Description

A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present in the MySQL JDBC Driver version 8.0.19 and JDK version 8u112. The issue is resolved in version 3.46.0.8.

AI-Powered Analysis

Last updated: 09/02/2025, 11:47:46 UTC

Technical Analysis

CVE-2025-5662 is a critical deserialization vulnerability (CWE-502) affecting the H2O-3 machine learning platform's REST API, specifically the POST /99/ImportSQLTable endpoint. This vulnerability exists in all versions of h2oai/h2o-3 up to 3.46.0.7. The root cause is improper validation of JDBC connection parameters when provided in a Key-Value format, which allows an attacker to craft malicious serialized data that the system deserializes without adequate checks. The vulnerability leverages the MySQL JDBC Driver version 8.0.19 and JDK version 8u112, both of which are components involved in processing the JDBC connection parameters. Successful exploitation leads to remote code execution (RCE) without requiring authentication or user interaction, making it highly dangerous. The vulnerability has a CVSS v3.0 score of 9.8, indicating critical severity with network attack vector, no privileges required, no user interaction, and full impact on confidentiality, integrity, and availability. The issue was resolved in h2o-3 version 3.46.0.8. No known exploits are currently reported in the wild, but the ease of exploitation and severity suggest that attackers may develop exploits rapidly. The vulnerability affects systems running the vulnerable versions of H2O-3 that integrate with MySQL databases using the specified JDBC driver and JDK versions. Given the nature of H2O-3 as a widely used open-source machine learning platform, this vulnerability poses a significant risk to data science and analytics environments that rely on it for data import and processing.

Potential Impact

For European organizations, the impact of CVE-2025-5662 is substantial. Many enterprises, research institutions, and government agencies in Europe use H2O-3 for machine learning and data analytics, often integrating it with MySQL databases. Exploitation of this vulnerability could allow attackers to execute arbitrary code remotely, leading to full system compromise. This could result in theft or manipulation of sensitive data, disruption of critical analytics workflows, and potential lateral movement within networks. The confidentiality, integrity, and availability of data and services are all at risk. Given the criticality of data-driven decision-making in sectors such as finance, healthcare, manufacturing, and public administration across Europe, the consequences could include regulatory non-compliance (e.g., GDPR violations), financial losses, reputational damage, and operational downtime. The lack of authentication and user interaction requirements further increases the risk, as attackers can exploit exposed REST API endpoints directly over the network. Organizations using vulnerable versions of H2O-3 in production or development environments should consider this a high-priority threat.

Mitigation Recommendations

To mitigate CVE-2025-5662, European organizations should immediately upgrade to h2oai/h2o-3 version 3.46.0.8 or later, where the vulnerability is patched. If immediate upgrade is not feasible, organizations should restrict network access to the vulnerable REST API endpoints by implementing strict firewall rules and network segmentation to limit exposure only to trusted hosts. Additionally, monitoring and logging of API requests should be enhanced to detect anomalous or suspicious deserialization attempts. Organizations should verify that the MySQL JDBC Driver is updated beyond version 8.0.19 and that the JDK version is upgraded beyond 8u112 to versions that address known deserialization issues. Employing runtime application self-protection (RASP) or web application firewalls (WAF) with deserialization attack detection capabilities can provide additional layers of defense. Finally, organizations should conduct thorough audits of their H2O-3 deployments and associated data pipelines to identify any signs of compromise and ensure secure configuration management practices are in place for all machine learning infrastructure components.
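Two of the recommendations above (confirm the running build is at or past 3.46.0.8, and watch the REST API for calls to the affected endpoint from outside trusted hosts) can be turned into simple checks. The script below is an added example, not code from the advisory or from the H2O-3 project; the access-log format, the sample log lines and the trusted-network allowlist are constructed assumptions.

```python
"""Defender-side checks for CVE-2025-5662 (added example, not part of the advisory).

1. is_vulnerable_version(): flags H2O-3 builds below the fixed release 3.46.0.8
   (the advisory says all versions up to 3.46.0.7 are affected).
2. find_import_sql_calls(): scans web-access log lines for POST /99/ImportSQLTable
   requests whose source address is outside an allowlist of trusted networks.
Log format (common-log style) and allowlist are assumptions for this example.
"""
import re
from ipaddress import ip_address, ip_network

FIXED_VERSION = (3, 46, 0, 8)          # first release with the fix
ENDPOINT = "/99/ImportSQLTable"        # affected REST endpoint


def parse_version(version):
    """'3.46.0.7' -> (3, 46, 0, 7); shorter strings are padded with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:4]]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable_version(version):
    """True for any build older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


# Constructed log format: '<ip> - - [<timestamp>] "<METHOD> <path> HTTP/1.1" <status> <bytes>'
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)')


def find_import_sql_calls(lines, trusted_networks):
    """Return source IPs that POSTed to the affected endpoint from outside the allowlist."""
    nets = [ip_network(n) for n in trusted_networks]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != ENDPOINT:
            continue
        src = ip_address(m["ip"])
        if not any(src in net for net in nets):
            hits.append(str(src))
    return hits


# Constructed sample input: one trusted caller, one untrusted caller, one unrelated request.
SAMPLE_LOG = [
    '10.0.0.12 - - [02/Sep/2025:11:14:52 +0000] "POST /99/ImportSQLTable HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Sep/2025:11:15:03 +0000] "POST /99/ImportSQLTable HTTP/1.1" 500 88',
    '203.0.113.5 - - [02/Sep/2025:11:15:10 +0000] "GET /3/Cloud HTTP/1.1" 200 2048',
]
TRUSTED = ["10.0.0.0/8"]
```

Running `find_import_sql_calls(SAMPLE_LOG, TRUSTED)` on the constructed sample yields only the untrusted caller; feed real access logs and your own allowlist to use it in practice.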


Technical Details

Data Version: 5.1
Assigner Short Name: @huntr_ai
Date Reserved: 2025-06-04T12:47:05.500Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68b6d5e9ad5a09ad00dbf90b

Added to database: 9/2/2025, 11:32:57 AM

Last enriched: 9/2/2025, 11:47:46 AM

Last updated: 9/2/2025, 12:34:19 PM
