PT-2025-12319 · Man · D-Tale

Published: 2025-03-20 · Updated: 2025-05-31 · CVE-2025-0655

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: man-group/dtale version 3.15.1

Description: A vulnerability in man-group/dtale allows an attacker to override global state settings and turn on the "enable custom filters" feature, which is intended only for trusted environments. Once the feature is enabled, the attacker can use the "/test-filter" endpoint to execute arbitrary system commands, leading to remote code execution (RCE). The issue is fixed in version 3.16.1.

Recommendations: Update to version 3.16.1. As a temporary workaround until you can update, keep the "enable custom filters" feature disabled and restrict access to the "/test-filter" endpoint to reduce exposure. Avoid using the "enable custom filters" feature with the affected API endpoint until the issue is resolved.

Tags: Exploit · Fix · RCE · OS Command Injection · Command Injection

Weakness Enumeration

Related Identifiers: CVE-2025-0655, GHSA-GJXM-X497-4H6H

Affected Products: D-Tale