CVE-2025-48999
6.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Summary
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType() retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| dataease | dataease | < 2.10.10 | affected |
Weaknesses
- CWE-923: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://github.com/dataease/dataease/security/advisories/GHSA-6pq2-6q8x-mp2r
- https://github.com/dataease/dataease/commit/03b18db8a0fb7e9dc2c44f6d26d8c6221b7748c4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.