We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-53006

Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability



Description

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.

Reserved 2025-06-24 | Published 2025-07-02 | Updated 2025-07-02 | Assigner GitHub_M


HIGH: 8.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-153: Improper Neutralization of Substitution Characters

Product status

< 2.10.11
affected

References

github.com/...taease/security/advisories/GHSA-q726-5pr9-x7gm

cve.org (CVE-2025-53006)

nvd.nist.gov (CVE-2025-53006)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-53006

Support options

Helpdesk Chat, Email, Knowledgebase