Code Injection Vulnerability in Progress DataDirect JDBC Drivers
CVE-2025-10703

8.6HIGH

Key Information:

Vendor

Progress

Status
Datadirect Connect For Jdbc For Amazon Redshift
Datadirect Connect For Jdbc For Apache Cassandra
Datadirect Connect For Jdbc For Hive
Datadirect Connect For Jdbc For Apache Impala
Vendor
CVE Published:
19 November 2025

What is CVE-2025-10703?

The vulnerability in Progress DataDirect JDBC drivers allows remote attackers to exploit the SpyAttribute connection option, enabling them to write malicious code into log files. If these files are served by an application server, it could lead to unauthorized code execution, facilitating a range of potential security threats on affected systems. Multi-version exploitation and subsequent impacts on data integrity are noteworthy concerns for all users of the specified drivers.

Affected Version(s)

DataDirect Connect for JDBC Autonomous REST Connector 0 <= 6.0.1.006961

DataDirect Connect for JDBC for Amazon Redshift 0 <= 6.0.0.001392

DataDirect Connect for JDBC for Apache Cassandra 0 <= 6.0.0.000805

References

https://community.progress.com/s/article/Progress-DataDir...

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Brecht Snijders of Triskele Labs
JSON
.
CVE-2025-10703 : Code Injection Vulnerability in Progress DataDirect JDBC Drivers