CVE-2025-53004

Summary

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.

Affected Software

VendorProductVersion RangeStatus
dataeasedataease< 2.10.11affected

Weaknesses

  • CWE-153: CWE-153: Improper Neutralization of Substitution Characters

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References