CVE-2025-6544
h2oai/h2o-3
Executive summary
A critical remote code execution vulnerability has been identified in the H2O.ai H2O-3 platform, designated as CVE-2025-6544. This flaw allows an unauthenticated attacker to take complete control of affected systems by sending a specially crafted data request, potentially leading to data theft, system compromise, or service disruption. Due to its critical severity (CVSS 9.8) and ease of exploitation, immediate remediation is required.
Vulnerability
The vulnerability is a result of insecure deserialization of user-supplied data. The H2O-3 application fails to properly validate data it receives before processing it, allowing an attacker to send a malicious serialized object. When the application deserializes this object, it can trigger unintended actions, such as reading sensitive files from the server's file system or executing arbitrary commands with the permissions of the H2O-3 service account.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high risk to the organization. Successful exploitation could lead to a complete compromise of the affected server, granting the attacker full control over the system's confidentiality, integrity, and availability. Potential consequences include exfiltration of sensitive business or customer data, deployment of ransomware, manipulation of critical data processed by the platform, and using the compromised system as a pivot point to attack other internal network resources.
Remediation
Immediate Action: Update all instances of h2oai/h2o-3 to a version later than 3.46.0.8, as recommended by the vendor. After patching, review system and application access logs for any signs of compromise or unusual activity preceding the update.
Proactive Monitoring: Monitor network traffic to and from affected servers for unusual patterns or payloads, which may indicate exploitation attempts. System administrators should look for unexpected process executions (e.g., shells, command interpreters) spawned by the H2O-3 service. Application logs should be monitored for deserialization errors or anomalous serialized data strings.
Compensating Controls: If immediate patching is not feasible, restrict network access to the H2O-3 application interface to only trusted IP addresses and internal networks using a firewall or Web Application Firewall (WAF). Run the H2O-3 service with the lowest possible user privileges to limit the potential impact of code execution.
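The monitoring guidance above calls for spotting shells or command interpreters spawned by the H2O-3 service. The following is an added example, not code from the advisory or the H2O-3 project, showing how that check can be run over process-execution log lines. It assumes a simple constructed line format (timestamp, parent and child command lines) and that the H2O-3 service is a Java process launched from h2o.jar; the log lines and the process names in the suspicious set are constructed for illustration.

```python
"""Flag command interpreters spawned by the H2O-3 service process.

Added example (not part of the advisory or the H2O-3 project). Assumes a
constructed process-event log format and that H2O-3 runs as a Java process
started from h2o.jar.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the H2O-3 service is a java process with h2o.jar on its command line.
H2O_PARENT_PATTERN = re.compile(r"java\b.*\bh2o\.jar\b", re.IGNORECASE)

# Interpreters an ML serving process should not normally launch; tune per deployment.
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "pwsh"}

# Constructed log format: "<ts> exec ppid=<n> pid=<n> parent="<cmd>" child="<cmd>""
LINE_RE = re.compile(
    r'^(?P<ts>\S+) exec ppid=(?P<ppid>\d+) pid=(?P<pid>\d+) '
    r'parent="(?P<parent>[^"]*)" child="(?P<child>[^"]*)"$'
)


@dataclass
class ProcessEvent:
    ts: str
    ppid: int
    pid: int
    parent_cmd: str
    child_cmd: str


def parse_line(line: str) -> Optional[ProcessEvent]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ProcessEvent(
        ts=m.group("ts"),
        ppid=int(m.group("ppid")),
        pid=int(m.group("pid")),
        parent_cmd=m.group("parent"),
        child_cmd=m.group("child"),
    )


def executable_name(cmd: str) -> str:
    """Return the bare executable name from a command line (handles / and \\ paths)."""
    parts = cmd.split()
    if not parts:
        return ""
    return re.split(r"[\\/]", parts[0])[-1].lower()


def is_suspicious(ev: ProcessEvent) -> bool:
    """True when the H2O-3 java process is the parent and the child is an interpreter."""
    if not H2O_PARENT_PATTERN.search(ev.parent_cmd):
        return False
    return executable_name(ev.child_cmd) in SUSPICIOUS_CHILDREN


def find_suspicious(lines: List[str]) -> List[ProcessEvent]:
    """Return every parseable event that matches the detection rule."""
    events = (parse_line(line) for line in lines)
    return [ev for ev in events if ev is not None and is_suspicious(ev)]


# Constructed sample log: service start, one shell under H2O-3, a shell under an
# unrelated java app, a benign helper script, an unparseable line, a Windows case.
SAMPLE_LOG = [
    '2025-07-01T10:00:00Z exec ppid=1 pid=4120 parent="/usr/lib/systemd/systemd" '
    'child="/usr/bin/java -jar /opt/h2o/h2o.jar -port 54321"',
    '2025-07-01T10:05:12Z exec ppid=4120 pid=4388 '
    'parent="/usr/bin/java -jar /opt/h2o/h2o.jar -port 54321" child="/bin/sh -c id"',
    '2025-07-01T10:06:40Z exec ppid=2201 pid=4402 '
    'parent="/usr/bin/java -jar /opt/other/app.jar" child="/bin/bash -c ls"',
    '2025-07-01T10:07:03Z exec ppid=4120 pid=4450 '
    'parent="/usr/bin/java -jar /opt/h2o/h2o.jar -port 54321" '
    'child="/usr/bin/python3 /opt/h2o/scripts/report.py"',
    'garbage line that does not parse',
    '2025-07-01T10:08:15Z exec ppid=980 pid=4471 '
    'parent="C:\\Program Files\\Java\\bin\\java.exe -jar C:\\h2o\\h2o.jar" '
    'child="C:\\Windows\\System32\\cmd.exe /c whoami"',
]

if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_LOG):
        print(f"{ev.ts} ALERT pid={ev.pid} ppid={ev.ppid} child={ev.child_cmd!r}")
```

Only the two interpreter launches whose parent is the h2o.jar process are reported; the unrelated java application and the helper script are not. Two caveats for a real deployment: Java's process launcher may interpose a helper (jspawnhelper on Linux JDKs), so the rule should walk the process ancestry rather than check only the immediate parent, and the set of interpreters should be tuned to what the service legitimately runs, since H2O-3 deployments that invoke scripts on purpose will otherwise generate noise.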
Exploitation status
Public Exploit Available: true
Analyst recommendation
This vulnerability represents a critical and immediate threat to the organization. Due to the public availability of exploit code and the high CVSS score of 9.8, all affected h2oai/h2o-3 instances must be patched immediately. This vulnerability should be treated with the highest priority. If patching cannot be performed right away, the recommended compensating controls must be implemented as a temporary measure, and a plan for patching must be expedited.