CVE-2025-46566

Summary

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.

Affected Software

VendorProductVersion RangeStatus
dataeasedataease< 2.10.9affected

Weaknesses

  • CWE-923: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References