CVE-2025-32966

Summary

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.

Affected Software

VendorProductVersion RangeStatus
dataeasedataease< 2.10.8affected

Weaknesses

  • CWE-290: CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References