Home

Description

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue.

PUBLISHED Reserved 2025-05-29 | Published 2025-06-03 | Updated 2025-06-04 | Assigner GitHub_M




MEDIUM: 6.8CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

CWE-284: Improper Access Control

Product status

< 2.10.10
affected

References

github.com/...taease/security/advisories/GHSA-6pq2-6q8x-mp2r exploit

github.com/...taease/security/advisories/GHSA-6pq2-6q8x-mp2r

github.com/...ommit/03b18db8a0fb7e9dc2c44f6d26d8c6221b7748c4

cve.org (CVE-2025-48999)

nvd.nist.gov (CVE-2025-48999)

Download JSON