CVE-2025-32966 | THREATINT

Description

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.

PUBLISHED Reserved 2025-04-14 | Published 2025-04-23 | Updated 2025-04-23 | Assigner GitHub_M

HIGH: 8.2CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-290: Authentication Bypass by Spoofing

Product status

< 2.10.8

affected

References

github.com/...taease/security/advisories/GHSA-h7hj-4j78-cvc7

cve.org (CVE-2025-32966)

nvd.nist.gov (CVE-2025-32966)

Download JSON