PT-2025-11210 · Dataease · Dataease

Hack-Umbrella · Published 2025-03-13 · Updated 2025-03-13 · CVE-2025-24974

CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.6
Description: The issue allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. There are no known workarounds available.
Recommendations: For versions prior to 2.10.6, update to version 2.10.6 to resolve the issue. As a temporary workaround, consider restricting access to the background JDBC connection until the update is applied.

Exploit

Fix

Missing Authorization

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-24974
GHSA-WMFP-MJF3-57F5

Affected Products

Dataease