CVE-2025-53005

High CVSS: 8.9

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.

Vendor

Dataease

Product

Dataease

CWE

CWE-153

Yayın Tarihi

2025-07-01 01:15:28

Güncelleme

2025-07-16 14:43:07

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-153 Dataease HIGH Dataease 2025

Referanslar

https://github.com/dataease/dataease/security/advisories/GHSA-99c4-h4fq-r23v https://github.com/dataease/dataease/security/advisories/GHSA-99c4-h4fq-r23v

Benzer Kayıtlar

High

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handlin…

Critical

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasourc…

Medium

CVE-2026-32139

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload…

Critical

CVE-2026-32140

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an…

High

CVE-2026-23958

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the…

High

CVE-2025-64428

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection.…