CVE-2025-46566 | THREATINT

Description

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.

PUBLISHED Reserved 2025-04-24 | Published 2025-05-01 | Updated 2025-05-02 | Assigner GitHub_M

MEDIUM: 6.8CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

CWE-284: Improper Access Control

Product status

< 2.10.9

affected

References

github.com/...taease/security/advisories/GHSA-hxw4-vpfp-frgv exploit

github.com/...taease/security/advisories/GHSA-hxw4-vpfp-frgv

cve.org (CVE-2025-46566)

nvd.nist.gov (CVE-2025-46566)

Download JSON