CVE-2025-57773

High CVSS: 8.2

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.

Vendor

Dataease

Product

Dataease

CWE

CWE-94

Yayın Tarihi

2025-08-25 17:15:30

Güncelleme

2025-09-03 13:43:01

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 Dataease HIGH Dataease 2025

Referanslar

https://github.com/dataease/dataease/commit/8d04e92d44e1bac9284e9e64df5afd7f96d9373c https://github.com/dataease/dataease/security/advisories/GHSA-7r8j-6whv-4j5p

Benzer Kayıtlar

High

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handlin…

Critical

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasourc…

Medium

CVE-2026-32139

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload…

Critical

CVE-2026-32140

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an…

High

CVE-2026-23958

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the…

High

CVE-2025-64428

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection.…