Code Injection Vulnerability in Progress DataDirect JDBC Drivers
CVE-2025-10703

8.6HIGH

Key Information:

Vendor: Progress
Status: Datadirect Connect For Jdbc For Amazon Redshift; Datadirect Connect For Jdbc For Apache Cassandra; Datadirect Connect For Jdbc For Hive; Datadirect Connect For Jdbc For Apache Impala
Vendor: CVE Published:; 19 November 2025

What is CVE-2025-10703?

The vulnerability in Progress DataDirect JDBC drivers allows remote attackers to exploit the SpyAttribute connection option, enabling them to write malicious code into log files. If these files are served by an application server, it could lead to unauthorized code execution, facilitating a range of potential security threats on affected systems. Multi-version exploitation and subsequent impacts on data integrity are noteworthy concerns for all users of the specified drivers.

Affected Version(s)

DataDirect Connect for JDBC Autonomous REST Connector 0 <= 6.0.1.006961

DataDirect Connect for JDBC for Amazon Redshift 0 <= 6.0.0.001392

DataDirect Connect for JDBC for Apache Cassandra 0 <= 6.0.0.000805

References

https://community.progress.com/s/article/Progress-DataDir...

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2025
Vulnerability Reserved
Sep 18, 2025

Credit

Brecht Snijders of Triskele Labs

JSON