Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion.


The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver supports an undocumented syntax construct for the option value that if discovered can be used by an attacker. If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker can use the undocumented syntax to cause the driver to load an arbitrary class on the class path and execute a constructor on that class.  


This issue affects:

DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541

DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833

DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628

DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279

DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344

DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063

DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964

DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525

DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410
DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727
DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851


DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198

DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957

DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587

DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669

DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364

DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776

DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458

DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316

DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309
DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856

DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189

DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125
DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired

DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858

DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162

DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856

DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430

DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023

DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339
DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430

DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183

DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://community.progress.com/s/article/Progress-DataDirect-Critical-Security-Product-Alert-Bulletin-November-2025 cve-icon cve-icon
History

Wed, 19 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 19 Nov 2025 16:00:00 +0000

Type Values Removed Values Added
Description Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver supports an undocumented syntax construct for the option value that if discovered can be used by an attacker. If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker can use the undocumented syntax to cause the driver to load an arbitrary class on the class path and execute a constructor on that class.   This issue affects: DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541 DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833 DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628 DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279 DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344 DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063 DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964 DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525 DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410 DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727 DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851 DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198 DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957 DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587 DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669 DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364 DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776 DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458 DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316 DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309 DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856 DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189 DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125 DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858 DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162 DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856 DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430 DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023 DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339 DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430 DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183 DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2025-11-20T04:55:24.080Z

Reserved: 2025-09-18T19:40:24.114Z

Link: CVE-2025-10702

cve-icon Vulnrichment

Updated: 2025-11-19T16:46:27.811Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-11-19T16:15:46.187

Modified: 2025-11-19T19:14:59.327

Link: CVE-2025-10702

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.