CVE-2025-49001

High CVSS: 7.7

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Vendor

Dataease

Product

Dataease

CWE

CWE-287

Yayın Tarihi

2025-06-03 21:15:22

Güncelleme

2025-06-05 14:07:47

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-287 Dataease HIGH Dataease 2025

Referanslar

https://github.com/dataease/dataease/security/advisories/GHSA-xx2m-gmwg-mf3r https://github.com/dataease/dataease/security/advisories/GHSA-xx2m-gmwg-mf3r

Benzer Kayıtlar

High

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handlin…

Critical

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasourc…

Medium

CVE-2026-32139

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload…

Critical

CVE-2026-32140

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an…

High

CVE-2026-23958

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the…

High

CVE-2025-64428

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection.…