CVE-2025-56816

High CVSS: 8.8

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load() or loadAs() method without input sanitization. This allows deserialization of attacker-controlled YAML content, leading to arbitrary class instantiation. Under certain conditions, this can be exploited to achieve remote code execution (RCE).

Vendor

Running-elephant

Product

Datart

CWE

CWE-22

Yayın Tarihi

2025-09-24 17:15:41

Güncelleme

2025-10-10 21:06:27

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-22 Datart HIGH Running-elephant 2025

Referanslar

https://github.com/running-elephant/datart https://github.com/xiaoxiaoranxxx/CVE-2025-56815

Benzer Kayıtlar

High

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuratio…

Medium

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via…

High

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses…

Critical

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.