🔐 CVE Alert

CVE-2025-10702

Severity UNKNOWN 0.0
CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.

The SpyAttributes connection option implemented by the DataDirect Connect for JDBC drivers, the DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver supports an undocumented syntax construct for the option value that, if discovered, can be used by an attacker. If an application allows an end user to specify a value for the SpyAttributes connection option, then an attacker can use the undocumented syntax to cause the driver to load an arbitrary class on the class path and execute a constructor on that class.

This issue affects:

DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541
DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833
DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628
DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279
DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344
DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063
DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964
DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525
DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410
DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727
DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851
DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198
DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957
DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587
DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669
DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364
DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776
DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458
DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316
DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309
DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856
DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189
DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125
DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired
DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858
DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162
DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856
DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430
DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023
DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339
DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430
DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183
DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022
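
The exposure described above exists only where end-user input reaches the driver's connection options, so an application-side allowlist removes it independently of patching. The following is an added example, not code from Progress or from the advisory; the class name, the allowlisted option names and the sample inputs are assumptions, as is the treatment of option names as case-insensitive.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

public class ConnectionOptionFilter {
    // Illustrative allowlist (assumption): the only options this application lets users set.
    private static final Set<String> ALLOWED =
            Set.of("databasename", "logintimeout", "applicationname");

    // Builds driver Properties from untrusted input; throws on anything not allowlisted.
    static Properties sanitize(Map<String, String> userOptions) {
        Properties props = new Properties();
        for (Map.Entry<String, String> e : userOptions.entrySet()) {
            String name = e.getKey().trim();
            String value = e.getValue();
            if (!ALLOWED.contains(name.toLowerCase(Locale.ROOT))) {
                // Rejects SpyAttributes and every other option users have no reason to control.
                throw new IllegalArgumentException("connection option not permitted: " + name);
            }
            // ';' separates options in a DataDirect connection URL and '(' ')' group
            // nested values, so a value carrying them could smuggle in a second option.
            if (value == null || value.matches(".*[;()].*")) {
                throw new IllegalArgumentException("illegal characters in value for " + name);
            }
            props.setProperty(name, value);
        }
        return props;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign, one naming the option directly,
        // one trying to append the option inside another option's value.
        System.out.println(sanitize(Map.of("DatabaseName", "sales")));
        String[][] rejected = {
            {"spyattributes", "(log=(file)spy.log)"},
            {"DatabaseName", "sales;SpyAttributes=(log=(file)spy.log)"},
        };
        for (String[] kv : rejected) {
            try {
                sanitize(Map.of(kv[0], kv[1]));
            } catch (IllegalArgumentException ex) {
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```

Pass the returned `Properties` to `DriverManager.getConnection(url, props)` with a URL the application builds itself, so that no user-supplied text is ever concatenated into the connection string.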

CWE CWE-94
Vendor progress
Product datadirect connect for jdbc for amazon redshift
Published Nov 19, 2025
Last Updated Feb 26, 2026

Affected Versions

Progress / DataDirect Connect for JDBC for Amazon Redshift
0 ≤ 6.0.0.001392
Progress / DataDirect Connect for JDBC for Apache Cassandra
0 ≤ 6.0.0.000805
Progress / DataDirect Connect for JDBC for Hive
0 ≤ 6.0.1.001499
Progress / DataDirect Connect for JDBC for Apache Impala
0 ≤ 6.0.0.001155
Progress / DataDirect Connect for JDBC for Apache SparkSQL
0 ≤ 6.0.1.001222
Progress / DataDirect Connect for JDBC Autonomous REST Connector
0 ≤ 6.0.1.006961
Progress / DataDirect Connect for JDBC for DB2
0 ≤ 6.0.0.000717
Progress / DataDirect Connect for JDBC for Google Analytics 4
0 ≤ 6.0.0.000454
Progress / DataDirect Connect for JDBC for Google BigQuery
0 ≤ 6.0.0.002279
Progress / DataDirect Connect for JDBC for Greenplum
0 ≤ 6.0.0.001712
Progress / DataDirect Connect for JDBC for Informix
0 ≤ 6.0.0.000690
Progress / DataDirect Connect for JDBC for Microsoft Dynamics 365
0 ≤ 6.0.0.003161
Progress / DataDirect Connect for JDBC for Microsoft SQLServer
0 ≤ 6.0.0.001936
Progress / DataDirect Connect for JDBC for Microsoft Sharepoint
0 ≤ 6.0.0.001559
Progress / DataDirect Connect for JDBC for MongoDB
0 ≤ 6.1.0.001654
Progress / DataDirect Connect for JDBC for MySQL
0 ≤ 5.1.4.000330
Progress / DataDirect Connect for JDBC for Oracle Database
0 ≤ 6.0.0.001747
Progress / DataDirect Connect for JDBC for Oracle Eloqua
0 ≤ 6.0.0.001438
Progress / DataDirect Connect for JDBC for Oracle Sales Cloud
0 ≤ 6.0.0.001225
Progress / DataDirect Connect for JDBC for Oracle Service Cloud
0 ≤ 5.1.4.000298
Progress / DataDirect Connect for JDBC for PostgreSQL
0 ≤ 6.0.0.001843
Progress / DataDirect Connect for JDBC for Progress OpenEdge
0 ≤ 5.1.4.000187
Progress / DataDirect Connect for JDBC for Salesforce
0 ≤ 6.0.0.003020
Progress / DataDirect Connect for JDBC for SAP HANA
0 ≤ 6.0.0.000879
Progress / DataDirect Connect for JDBC for SAP S/4 HANA
0 ≤ 6.0.1.001818
Progress / DataDirect Connect for JDBC for Sybase ASE
0 ≤ 5.1.4.000161
Progress / DataDirect Connect for JDBC for Snowflake
0 ≤ 6.0.1.001821
Progress / DataDirect Hybrid Data Pipeline Server
0 ≤ 4.6.2.3309
Progress / DataDirect Hybrid Data Pipeline JDBC Driver
0 ≤ 4.6.2.0607
Progress / DataDirect Hybrid Data Pipeline On Premises Connector
0 ≤ 4.6.2.1223
Progress / DataDirect Hybrid Data Pipeline Docker
0 ≤ 4.6.2.3316
Progress / DataDirect OpenAccess JDBC Driver
0 ≤ 8.1.0.0177
Progress / DataDirect OpenAccess JDBC Driver
0 ≤ 9.0.0.0019

References

community.progress.com: https://community.progress.com/s/article/Progress-DataDirect-Critical-Security-Product-Alert-Bulletin-November-2025

Credits

🔍 Brecht Snijders of Triskele Labs