CVE-2025-70828

High CVSS: 8.8

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration

Vendor

Product

CWE

Yayın Tarihi

2026-02-17 16:20:25

Güncelleme

2026-04-03 11:33:23

Source Identifier

cve@mitre.org

KEV Date Added

CWE-78 Datart HIGH Running-elephant 2026

https://dev.mysql.com/doc/connector-j/en/connector-j-connprops-interceptor-classes-and-interfaces.html https://github.com/xiaoxiaoranxxx/CVE-2025-70828

Medium

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via…

High

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses…

High

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attack…

Critical

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.