According to a recent LinkedIn post from OX Security, the company’s research team has identified a new zero-day remote code execution vulnerability, CVE-2025-11158, in Hitachi Vantara’s Pentaho Data Integration & Analytics platform. The post indicates that more than 2,600 publicly exposed Pentaho instances may be affected if running versions below 11.0.
Claim 30% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The LinkedIn post explains that a user with “Business Role” permissions could upload a malicious report that executes Groovy scripts on the backend, potentially enabling full system takeover. The company’s researchers recommend upgrading to Pentaho version 11.0 or higher, and link to a detailed technical write-up for additional context.
For investors, the post suggests OX Security is positioning itself as an active threat research player in the software supply chain and analytics security space. Demonstrated capability to discover high-impact vulnerabilities could enhance its credibility with enterprise customers and partners, potentially supporting customer acquisition and pricing power over time.
The disclosure also underscores increasing security pressure on analytics and data-integration platforms, which may expand the addressable market for specialized security solutions. While the direct revenue impact of a single vulnerability discovery is uncertain, sustained visibility and trust gains from such research activities could strengthen OX Security’s competitive standing in the broader cybersecurity ecosystem.