CVE-2025-53005

Summary

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.

Affected Software

VendorProductVersion RangeStatus
dataeasedataease< 2.10.11affected

Weaknesses

  • CWE-153: CWE-153: Improper Neutralization of Substitution Characters

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References