CVE-2025-53006 | THREATINT

Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.

PUBLISHED Reserved 2025-06-24 | Published 2025-07-02 | Updated 2025-07-02 | Assigner GitHub_M

HIGH: 8.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-153: Improper Neutralization of Substitution Characters

Product status

< 2.10.11

affected

References

github.com/...taease/security/advisories/GHSA-q726-5pr9-x7gm

cve.org (CVE-2025-53006)

nvd.nist.gov (CVE-2025-53006)

Download JSON