
OX Security Research Flags Critical Pentaho Vulnerability With Broad Exposure


According to a recent LinkedIn post from OX Security, the company’s research team has identified a zero‑day vulnerability, CVE‑2025‑11158, in Hitachi Vantara’s Pentaho Data Integration & Analytics platform. The post indicates the flaw is a critical remote code execution issue tied to file uploads and may affect more than 2,600 publicly exposed Pentaho instances running below version 11.0.


The company’s LinkedIn post highlights that exploitation reportedly requires only “Business Role” permissions to upload a malicious report that can execute Groovy scripts on the backend, potentially enabling full system takeover. The post advises users to upgrade to Pentaho version 11.0 or higher, suggesting that remediation is available for affected environments.

For investors, the post underscores OX Security’s emphasis on vulnerability research as a differentiating capability in the cybersecurity market. Demonstrating the discovery of a widely exposed zero‑day could strengthen the firm’s credibility with enterprise customers and partners, potentially supporting customer acquisition and pricing power.

At the same time, the disclosure points to ongoing security risks in widely deployed analytics platforms, which may drive additional demand for software supply chain and application‑security solutions. If OX Security can effectively convert such research findings into commercial engagements, the activity described in the post could have a positive long‑term impact on its revenue trajectory and competitive positioning.
